CVE-2016-0635

Published Jul 21, 2016

Last updated 6 years ago

CVSS high 8.8

Overview

Description: Unspecified vulnerability in the Enterprise Manager Ops Center component in Oracle Enterprise Manager Grid Control 12.1.4, 12.2.2, and 12.3.2; the Oracle Health Sciences Information Manager component in Oracle Health Sciences Applications 1.2.8.3, 2.0.2.3, and 3.0.1.0; the Oracle Healthcare Master Person Index component in Oracle Health Sciences Applications 2.0.12, 3.0.0, and 4.0.1; the Oracle Documaker component in Oracle Insurance Applications before 12.5; the Oracle Insurance Calculation Engine component in Oracle Insurance Applications 9.7.1, 10.1.2, and 10.2.2; the Oracle Insurance Policy Administration J2EE and Oracle Insurance Rules Palette components in Oracle Insurance Applications 9.6.1, 9.7.1, 10.0.1, 10.1.2, 10.2.0, and 10.2.2; the Oracle Retail Integration Bus component in Oracle Retail Applications 15.0; the Oracle Retail Order Broker component in Oracle Retail Applications 5.1, 5.2, and 15.0; the Primavera Contract Management component in Oracle Primavera Products Suite 14.2; the Primavera P6 Enterprise Project Portfolio Management component in Oracle Primavera Products Suite 8.2, 8.3, 8.4, 15.1, 15.2, and 16.1; the Oracle Financial Services Analytical Applications Infrastructure component in Oracle Financial Services Applications 8.0.0, 8.0.1, 8.0.2, and 8.0.3; the Oracle Commerce Guided Search / Oracle Commerce Experience Manager component in Oracle Commerce 3.1.1, 3.1.2, 11.0, 11.1, and 11.2; the Oracle Agile PLM component in Oracle Supply Chain Products Suite 9.3.4 and 9.3.5; the Oracle Communications BRM - Elastic Charging Engine 11.2.0.0.0 and 11.3.0.0.0; the Oracle Enterprise Repository Enterprise Repository 12.1.3.0.0; the Oracle Financial Services Behavior Detection Platform 8.0.1 and 8.0.2; the Oracle Hyperion Essbase 12.2.1.1; the Oracle Tuxedo System and Applications Monitor (TSAM) 11.1.1.2.0, 11.1.1.2.1, 11.1.1.2.1, 12.1.1.1.0, 12.1.3.0.0, and 12.2.2.0.0; the Oracle Communications WebRTC Session Controller component of Oracle Communications Applications (subcomponent: Security (Spring)) 7.0, 7.1 and 7.2; the Oracle Endeca Information Discovery Integrator 3.2; the Converged Commerce component of Oracle Retail Applications 16.0.1; the Oracle Identity Manager 11.1.2.3.0; Oracle Enterprise Manager for MySQL Database 12.1.0.4; Oracle Retail Invoice Matching 12.0, 13.0, 13.1, 13.2, 14.0, and 14.1; Oracle Communications Performance Intelligence Center (PIC) Software Prior to 10.2.1 and the Oracle Knowledge component of Oracle Siebel CRM (subcomponent: AnswerFlow (Spring Framework)) version 8.5.1.0 - 8.5.1.7 and 8.6.0 allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors.
Source: secalert_us@oracle.com
NVD status: Modified

Risk scores

CVSS 3.0

Type: Primary
Base score: 8.8
Impact score: 5.9
Exploitability score: 2.8
Vector string: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Severity: HIGH

CVSS 2.0

Type: Primary
Base score: 9
Impact score: 10
Exploitability score: 8
Vector string: AV:N/AC:L/Au:S/C:C/I:C/A:C

Weaknesses

nvd@nist.gov: NVD-CWE-noinfo

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:oracle:documaker:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "01343D36-2216-41A3-9DFC-0C5DB51D4C99",
            "versionEndIncluding": "12.5"
          },
          {
            "criteria": "cpe:2.3:a:oracle:enterprise_manager_ops_center:12.1.4:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "BA2CF507-AA3F-464C-88DF-71E30672E623"
          },
          {
            "criteria": "cpe:2.3:a:oracle:enterprise_manager_ops_center:12.2.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "BE12B6A4-E128-41EC-8017-558F50B961BE"
          },
          {
            "criteria": "cpe:2.3:a:oracle:enterprise_manager_ops_center:12.3.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "0F8B45C6-A877-4317-BCE5-EF9E9542276A"
          },
          {
            "criteria": "cpe:2.3:a:oracle:health_sciences_information_manager:1.2.8.3:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "86137150-DCA9-48DF-AD0C-55A4F7D3755A"
          },
          {
            "criteria": "cpe:2.3:a:oracle:health_sciences_information_manager:2.0.2.3:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "07836763-D6DF-46BD-87BE-899A0E3CD67E"
          },
          {
            "criteria": "cpe:2.3:a:oracle:health_sciences_information_manager:3.0.1.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "2298850C-D649-461F-8F7E-D835E431BA22"
          },
          {
            "criteria": "cpe:2.3:a:oracle:healthcare_master_person_index:2.0.12:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "3E32AAFA-06B2-407A-A76F-1DC6145F0FF4"
          },
          {
            "criteria": "cpe:2.3:a:oracle:healthcare_master_person_index:3.0.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "B5E573A7-4136-4AE5-B72B-B7F30E457A09"
          },
          {
            "criteria": "cpe:2.3:a:oracle:healthcare_master_person_index:4.0.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "A8AFE047-01DC-4F1F-A566-9734EE946068"
          },
          {
            "criteria": "cpe:2.3:a:oracle:insurance_calculation_engine:9.7.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "418B41F8-C9E9-4901-AE9F-9950530CE322"
          },
          {
            "criteria": "cpe:2.3:a:oracle:insurance_calculation_engine:10.1.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "1B8963C5-453B-4EEE-8897-36FCFD9E1BB8"
          },
          {
            "criteria": "cpe:2.3:a:oracle:insurance_calculation_engine:10.2.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "34CDC297-3C72-451B-AC07-48E8C6078035"
          },
          {
            "criteria": "cpe:2.3:a:oracle:insurance_policy_administration_j2ee:9.6.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "D22E21FA-C87A-422F-8FF6-4CF618C3833A"
          },
          {
            "criteria": "cpe:2.3:a:oracle:insurance_policy_administration_j2ee:9.7.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "4B33AD0F-9537-4E26-8148-C0B45B9CB311"
          },
          {
            "criteria": "cpe:2.3:a:oracle:insurance_policy_administration_j2ee:10.0.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "C24C6391-0C5F-4564-9D85-0097C5B52942"
          },
          {
            "criteria": "cpe:2.3:a:oracle:insurance_policy_administration_j2ee:10.1.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "2520FFA2-84B8-42DB-8A16-AB522AC946DC"
          },
          {
            "criteria": "cpe:2.3:a:oracle:insurance_policy_administration_j2ee:10.2.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "64D4B80E-2B67-4BDC-9A3A-7BFDA171016A"
          },
          {
            "criteria": "cpe:2.3:a:oracle:insurance_policy_administration_j2ee:10.2.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "5082FFBD-F6DF-4EA8-9E39-0EC13DE72346"
          },
          {
            "criteria": "cpe:2.3:a:oracle:insurance_rules_palette:9.6.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "A870C366-0E16-47BE-A432-ECE3BA7B8E96"
          },
          {
            "criteria": "cpe:2.3:a:oracle:insurance_rules_palette:9.7.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "2DAA2D4F-DBD8-4EE5-A727-5A3A596FF232"
          },
          {
            "criteria": "cpe:2.3:a:oracle:insurance_rules_palette:10.0.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "DD2725B9-A725-4C1C-8503-176A7B359402"
          },
          {
            "criteria": "cpe:2.3:a:oracle:insurance_rules_palette:10.1.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "CBAE72BB-6697-46A5-B90F-E0CA400ABC85"
          },
          {
            "criteria": "cpe:2.3:a:oracle:insurance_rules_palette:10.2.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "AEDF91E2-E7B5-40EE-B71F-C7D59F4021BD"
          },
          {
            "criteria": "cpe:2.3:a:oracle:insurance_rules_palette:10.2.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "A1DCB15F-9481-4ACE-9751-6BF09404A2BE"
          },
          {
            "criteria": "cpe:2.3:a:oracle:primavera_contract_management:14.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "7B349436-FAB2-4802-9189-ED6CAD96704C"
          },
          {
            "criteria": "cpe:2.3:a:oracle:primavera_p6_enterprise_project_portfolio_management:8.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "A56DC460-26F5-453E-A5BC-4C60AA3212EB"
          },
          {
            "criteria": "cpe:2.3:a:oracle:primavera_p6_enterprise_project_portfolio_management:8.3:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "A47BF03C-BF18-4477-9DBB-20EFEA53AFAB"
          },
          {
            "criteria": "cpe:2.3:a:oracle:primavera_p6_enterprise_project_portfolio_management:8.4:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "84BF6794-2CE6-407F-B8E0-81871AB7B40B"
          },
          {
            "criteria": "cpe:2.3:a:oracle:primavera_p6_enterprise_project_portfolio_management:15.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "93A4E178-0082-45C5-BBC0-0A4E51C8B1DE"
          },
          {
            "criteria": "cpe:2.3:a:oracle:primavera_p6_enterprise_project_portfolio_management:15.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "3F021C23-AB9B-4877-833F-D01359A98762"
          },
          {
            "criteria": "cpe:2.3:a:oracle:primavera_p6_enterprise_project_portfolio_management:16.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "2F8ED016-32A1-42EE-844E-3E6B2C116B74"
          },
          {
            "criteria": "cpe:2.3:a:oracle:retail_integration_bus:15.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "42064F46-3012-4FB1-89BA-F13C2E4CBB6B"
          },
          {
            "criteria": "cpe:2.3:a:oracle:retail_order_broker_cloud_service:5.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "C1805C8F-2487-436C-B1DE-5EBC5687F38E"
          },
          {
            "criteria": "cpe:2.3:a:oracle:retail_order_broker_cloud_service:5.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "AA9A5354-415D-44F3-8B59-C2177D1244A1"
          },
          {
            "criteria": "cpe:2.3:a:oracle:retail_order_broker_cloud_service:15.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "3B9763AF-282B-40C7-B35C-4CA8C22FDC76"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

Overview

Risk scores

CVSS 3.0

CVSS 2.0

Weaknesses

Social media

Configurations

References