The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.

Oracle Fusion Middleware: several vulnerabilities of April 2012

Synthesis of the vulnerability

Several vulnerabilities of Oracle Fusion Middleware are corrected by the Critical Patch Update (CPU) of April 2012.
Vulnerable products: Oracle AS, Oracle Fusion Middleware, Oracle Identity Management, Oracle OIT.
Severity of this weakness: 3/4.
Consequences of a hack: privileged access/rights, user access/rights, client access/rights, data reading, data creation/edition, data deletion, denial of service on service.
Hacker's origin: internet client.
Number of vulnerabilities in this bulletin: 11.
Creation date: 18/04/2012.
References of this bulletin: BID-53053, BID-53054, BID-53060, BID-53062, BID-53069, BID-53070, BID-53079, BID-53082, BID-53083, BID-53087, CERTA-2012-AVI-220, cpuapr2012, CVE-2012-0515, CVE-2012-0522, CVE-2012-0532, CVE-2012-0543, CVE-2012-0554, CVE-2012-0555, CVE-2012-0556, CVE-2012-0557, CVE-2012-1695, CVE-2012-1709, CVE-2012-1710, VIGILANCE-VUL-11550, ZDI-12-073, ZDI-12-074, ZDI-12-150, ZDI-12-151, ZDI-12-152, ZDI-12-202.

Description of the vulnerability

A Critical Patch Update corrects several vulnerabilities of Oracle Fusion Middleware.

An attacker can use a vulnerability of Oracle JRockit, in order to obtain information, to alter information, or to create a denial of service. [severity:3/4; CVE-2012-1695]

An attacker can use a vulnerability of Oracle Outside In Technology, in order to obtain information, to alter information, or to create a denial of service. [severity:3/4; BID-53069, CVE-2012-0554]

An attacker can use a vulnerability of Oracle Outside In Technology, in order to obtain information, to alter information, or to create a denial of service. [severity:3/4; BID-53070, CVE-2012-0555]

An attacker can use a vulnerability of Oracle Outside In Technology, in order to obtain information, to alter information, or to create a denial of service. [severity:3/4; BID-53087, CVE-2012-0556]

An attacker can use a vulnerability of Oracle Outside In Technology, in order to obtain information, to alter information, or to create a denial of service. [severity:3/4; BID-53054, CVE-2012-0557]

An attacker can use a vulnerability of Oracle WebCenter Forms Recognition, in order to obtain information, to alter information, or to create a denial of service. [severity:3/4; BID-53082, CVE-2012-1709, ZDI-12-074]

An attacker can use a vulnerability of Oracle WebCenter Forms Recognition, in order to obtain information, to alter information, or to create a denial of service. [severity:3/4; BID-53062, CVE-2012-1710, ZDI-12-073]

An attacker can use a vulnerability of Identity Manager, in order to obtain or alter information. [severity:2/4; BID-53060, CVE-2012-0532]

An attacker can use a vulnerability of BI Publisher (XML Publisher), in order to alter information. [severity:2/4; BID-53083, CVE-2012-0543]

An attacker can use a vulnerability of Oracle JDeveloper, in order to alter information. [severity:2/4; BID-53053, CVE-2012-0522]

An attacker can use a vulnerability of Identity Manager Connector, in order to alter information. [severity:2/4; BID-53079, CVE-2012-0515]