The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.

Computer vulnerabilities of Oracle TopLink

vulnerability note CVE-2015-3237 CVE-2015-7182 CVE-2016-1181

Oracle Fusion Middleware: vulnerabilities of July 2016

Synthesis of the vulnerability

An attacker can use several vulnerabilities of Oracle Fusion Middleware.
Impacted products: WebSphere AS Traditional, Oracle Communications, Oracle Directory Server, Oracle Fusion Middleware, Oracle GlassFish Server, Oracle Portal, Solaris, Oracle TopLink, WebLogic.
Severity: 3/4.
Consequences: user access/rights, data reading, data creation/edition, data deletion, denial of service on service, denial of service on client.
Provenance: user account.
Number of vulnerabilities in this bulletin: 22.
Creation date: 20/07/2016.
Identifiers: 7014463, cpuapr2019, cpujul2016, cpuoct2018, CVE-2015-3237, CVE-2015-7182, CVE-2016-1181, CVE-2016-1548, CVE-2016-2107, CVE-2016-3432, CVE-2016-3433, CVE-2016-3445, CVE-2016-3446, CVE-2016-3474, CVE-2016-3482, CVE-2016-3487, CVE-2016-3499, CVE-2016-3502, CVE-2016-3504, CVE-2016-3510, CVE-2016-3544, CVE-2016-3564, CVE-2016-3586, CVE-2016-3607, CVE-2016-3608, CVE-2016-5019, CVE-2016-5477, VIGILANCE-VUL-20164, ZDI-16-441, ZDI-16-442, ZDI-16-443, ZDI-16-444.

Description of the vulnerability

Several vulnerabilities were announced in Oracle Fusion Middleware.

An attacker can use a vulnerability via Oracle Directory Server Enterprise Edition, in order to obtain information, to alter information, or to trigger a denial of service. [severity:3/4; CVE-2015-7182]

An attacker can use a vulnerability via Oracle GlassFish Server, in order to obtain information, to alter information, or to trigger a denial of service. [severity:3/4; CVE-2016-3607, ZDI-16-442]

An attacker can use a vulnerability via Oracle WebLogic Server, in order to obtain information, to alter information, or to trigger a denial of service. [severity:3/4; CVE-2016-3510, ZDI-16-443]

An attacker can use a vulnerability via Oracle WebLogic Server, in order to obtain information, to alter information, or to trigger a denial of service. [severity:3/4; CVE-2016-3586, ZDI-16-441]

An attacker can use a vulnerability via Oracle WebLogic Server, in order to obtain information, to alter information, or to trigger a denial of service. [severity:3/4; CVE-2016-3499, ZDI-16-444]

An attacker can use a vulnerability via Oracle JDeveloper, in order to obtain information, to alter information, or to trigger a denial of service. [severity:3/4; CVE-2016-3504, CVE-2016-5019]

An attacker can use a vulnerability via Oracle Business Intelligence Enterprise Edition, in order to obtain information, to alter information, or to trigger a denial of service. [severity:3/4; CVE-2016-3446]

An attacker can use a vulnerability via Oracle Portal, in order to obtain information, to alter information, or to trigger a denial of service. [severity:3/4; CVE-2016-1181]

An attacker can use a vulnerability via Oracle TopLink, in order to obtain information, to alter information, or to trigger a denial of service. [severity:3/4; CVE-2016-3564]

An attacker can use a vulnerability via Oracle WebCenter Sites, in order to obtain information, to alter information, or to trigger a denial of service. [severity:3/4; CVE-2016-3487]

An attacker can use a vulnerability via Oracle Business Intelligence Enterprise Edition, in order to obtain or alter information. [severity:3/4; CVE-2016-3544]

An attacker can use a vulnerability via Oracle Exalogic Infrastructure, in order to alter information, or to trigger a denial of service. [severity:3/4; CVE-2016-1548]

An attacker can use a vulnerability via Oracle GlassFish Server, in order to obtain information, or to trigger a denial of service. [severity:2/4; CVE-2015-3237]

An attacker can use a vulnerability via Oracle WebCenter Sites, in order to obtain information, to alter information, or to trigger a denial of service. [severity:2/4; CVE-2016-3502]

An attacker can use a vulnerability via Oracle Access Manager, in order to obtain information. [severity:2/4; CVE-2016-2107]

An attacker can use a vulnerability via Oracle GlassFish Server, in order to obtain information. [severity:2/4; CVE-2016-3608]

An attacker can use a vulnerability via Oracle GlassFish Server, in order to obtain information. [severity:2/4; CVE-2016-5477]

An attacker can use a vulnerability via BI Publisher (formerly XML Publisher), in order to obtain or alter information. [severity:2/4; CVE-2016-3432]

An attacker can use a vulnerability via Oracle Business Intelligence Enterprise Edition, in order to obtain or alter information. [severity:2/4; CVE-2016-3433]

An attacker can use a vulnerability via Oracle WebLogic Server, in order to trigger a denial of service. [severity:2/4; CVE-2016-3445]

An attacker can use a vulnerability via BI Publisher (formerly XML Publisher), in order to obtain information. [severity:1/4; CVE-2016-3474]

An attacker can use a vulnerability via Oracle HTTP Server, in order to obtain information. [severity:1/4; CVE-2016-3482]
Full Vigil@nce bulletin... (Free trial)
Our database contains other pages. You can request a free trial to read them.

Display information about Oracle TopLink: