The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.

Vulnerability of Oracle Fusion Middleware: several vulnerabilities of April 2012

Synthesis of the vulnerability

Several vulnerabilities of Oracle Fusion Middleware are corrected by the CPU of April 2012.
Severity of this weakness: 3/4.
Number of vulnerabilities in this bulletin: 11.
Creation date: 18/04/2012.
Références of this bulletin: BID-53053, BID-53054, BID-53060, BID-53062, BID-53069, BID-53070, BID-53079, BID-53082, BID-53083, BID-53087, CERTA-2012-AVI-220, cpuapr2012, CVE-2012-0515, CVE-2012-0522, CVE-2012-0532, CVE-2012-0543, CVE-2012-0554, CVE-2012-0555, CVE-2012-0556, CVE-2012-0557, CVE-2012-1695, CVE-2012-1709, CVE-2012-1710, VIGILANCE-VUL-11550, ZDI-12-073, ZDI-12-074, ZDI-12-150, ZDI-12-151, ZDI-12-152, ZDI-12-202.

Description of the vulnerability

A Critical Patch Update corrects several vulnerabilities of Oracle Fusion Middleware.

An attacker can use a vulnerability of Oracle JRockit, in order to obtain information, to alter information, or to create a denial of service. [severity:3/4; CVE-2012-1695]

An attacker can use a vulnerability of Oracle Outside In Technology, in order to obtain information, to alter information, or to create a denial of service. [severity:3/4; BID-53069, CVE-2012-0554]

An attacker can use a vulnerability of Oracle Outside In Technology, in order to obtain information, to alter information, or to create a denial of service. [severity:3/4; BID-53070, CVE-2012-0555]

An attacker can use a vulnerability of Oracle Outside In Technology, in order to obtain information, to alter information, or to create a denial of service. [severity:3/4; BID-53087, CVE-2012-0556]

An attacker can use a vulnerability of Oracle Outside In Technology, in order to obtain information, to alter information, or to create a denial of service. [severity:3/4; BID-53054, CVE-2012-0557]

An attacker can use a vulnerability of Oracle WebCenter Forms Recognition, in order to obtain information, to alter information, or to create a denial of service. [severity:3/4; BID-53082, CVE-2012-1709, ZDI-12-074]

An attacker can use a vulnerability of Oracle WebCenter Forms Recognition, in order to obtain information, to alter information, or to create a denial of service. [severity:3/4; BID-53062, CVE-2012-1710, ZDI-12-073]

An attacker can use a vulnerability of Identity Manager, in order to obtain or alter information. [severity:2/4; BID-53060, CVE-2012-0532]

An attacker can use a vulnerability of BI Publisher (XML Publisher), in order to alter information. [severity:2/4; BID-53083, CVE-2012-0543]

An attacker can use a vulnerability of Oracle JDeveloper, in order to alter information. [severity:2/4; BID-53053, CVE-2012-0522]

An attacker can use a vulnerability of Identity Manager Connector, in order to alter information. [severity:2/4; BID-53079, CVE-2012-0515]
Full Vigil@nce bulletin... (Request your free trial)

This cybersecurity threat impacts software or systems such as Oracle AS, Oracle Fusion Middleware, Oracle Identity Management, Oracle OIT.

Our Vigil@nce team determined that the severity of this computer threat note is important.

The trust level is of type confirmed by the editor, with an origin of internet client.

This bulletin is about 11 vulnerabilities.

An attacker with a expert ability can exploit this security threat.

Solutions for this threat

Oracle Fusion Middleware: CPU of April 2012.
A Critical Patch Update is available:
  http://support.oracle.com/CSP/main/article?cmd=show&type=NOT&id=1406574.1
Full Vigil@nce bulletin... (Request your free trial)

Computer vulnerabilities tracking service

Vigil@nce provides computers vulnerabilities alerts. The Vigil@nce vulnerability database contains several thousand vulnerabilities.