ID CVE-2017-3500 Type cve Reporter cve@mitre.org Modified 2019-10-03T00:03:00
Description
Vulnerability in the Primavera Gateway component of Oracle Primavera Products Suite (subcomponent: Primavera Desktop Integration). Supported versions that are affected are 1.0, 1.1, 14.2, 15.1, 15.2, 16.1 and 16.2. Easily "exploitable" vulnerability allows high privileged attacker with network access via HTTP to compromise Primavera Gateway. While the vulnerability is in Primavera Gateway, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Primavera Gateway accessible data and unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Primavera Gateway. CVSS 3.0 Base Score 8.7 (Confidentiality and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:H).
{"id": "CVE-2017-3500", "bulletinFamily": "NVD", "title": "CVE-2017-3500", "description": "Vulnerability in the Primavera Gateway component of Oracle Primavera Products Suite (subcomponent: Primavera Desktop Integration). Supported versions that are affected are 1.0, 1.1, 14.2, 15.1, 15.2, 16.1 and 16.2. Easily \"exploitable\" vulnerability allows high privileged attacker with network access via HTTP to compromise Primavera Gateway. While the vulnerability is in Primavera Gateway, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Primavera Gateway accessible data and unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Primavera Gateway. CVSS 3.0 Base Score 8.7 (Confidentiality and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:H).", "published": "2017-04-24T19:59:00", "modified": "2019-10-03T00:03:00", "cvss": {"score": 4.9, "vector": "AV:N/AC:M/Au:S/C:P/I:N/A:P"}, "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-3500", "reporter": "cve@mitre.org", "references": ["http://www.securityfocus.com/bid/97881", "http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html", "http://www.securitytracker.com/id/1038289"], "cvelist": ["CVE-2017-3500"], "type": "cve", "lastseen": "2020-10-03T13:07:43", "edition": 4, "viewCount": 9, "enchantments": {"dependencies": {"references": [{"type": "nessus", "idList": ["ORACLE_PRIMAVERA_GATEWAY_CPU_APR_2017.NASL"]}, {"type": "oracle", "idList": ["ORACLE:CPUAPR2017-3236618"]}], "modified": "2020-10-03T13:07:43", "rev": 2}, "score": {"value": 5.6, "vector": "NONE", "modified": "2020-10-03T13:07:43", "rev": 2}, "vulnersScore": 5.6}, "cpe": ["cpe:/a:oracle:primavera_gateway:15.1", "cpe:/a:oracle:primavera_gateway:1.0", "cpe:/a:oracle:primavera_gateway:1.1", "cpe:/a:oracle:primavera_gateway:16.2", "cpe:/a:oracle:primavera_gateway:16.1", "cpe:/a:oracle:primavera_gateway:15.2", "cpe:/a:oracle:primavera_gateway:14.2"], "affectedSoftware": [{"cpeName": "oracle:primavera_gateway", "name": "oracle primavera gateway", "operator": "eq", "version": "1.0"}, {"cpeName": "oracle:primavera_gateway", "name": "oracle primavera gateway", "operator": "eq", "version": "1.1"}, {"cpeName": "oracle:primavera_gateway", "name": "oracle primavera gateway", "operator": "eq", "version": "16.1"}, {"cpeName": "oracle:primavera_gateway", "name": "oracle primavera gateway", "operator": "eq", "version": "14.2"}, {"cpeName": "oracle:primavera_gateway", "name": "oracle primavera gateway", "operator": "eq", "version": "15.1"}, {"cpeName": "oracle:primavera_gateway", "name": "oracle primavera gateway", "operator": "eq", "version": "15.2"}, {"cpeName": "oracle:primavera_gateway", "name": "oracle primavera gateway", "operator": "eq", "version": "16.2"}], "cvss2": {"cvssV2": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 4.9, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:S/C:P/I:N/A:P", "version": "2.0"}, "exploitabilityScore": 6.8, "impactScore": 4.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": false}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.7, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:H", "version": "3.0"}, "exploitabilityScore": 2.3, "impactScore": 5.8}, "cpe23": ["cpe:2.3:a:oracle:primavera_gateway:1.0:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:primavera_gateway:14.2:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:primavera_gateway:16.2:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:primavera_gateway:1.1:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:primavera_gateway:15.1:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:primavera_gateway:15.2:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:primavera_gateway:16.1:*:*:*:*:*:*:*"], "cwe": ["NVD-CWE-noinfo"], "scheme": null, "cpeConfiguration": {"CVE_data_version": "4.0", "nodes": [{"cpe_match": [{"cpe23Uri": "cpe:2.3:a:oracle:primavera_gateway:14.2:*:*:*:*:*:*:*", "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:oracle:primavera_gateway:15.2:*:*:*:*:*:*:*", "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:oracle:primavera_gateway:15.1:*:*:*:*:*:*:*", "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:oracle:primavera_gateway:16.2:*:*:*:*:*:*:*", "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:oracle:primavera_gateway:1.1:*:*:*:*:*:*:*", "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:oracle:primavera_gateway:1.0:*:*:*:*:*:*:*", "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:oracle:primavera_gateway:16.1:*:*:*:*:*:*:*", "vulnerable": true}], "operator": "OR"}]}}
{"nessus": [{"lastseen": "2021-01-01T04:34:53", "description": "According to its self-reported version number, the Oracle Primavera Gateway installation running on the remote web\nserver is 1.x, 14.x prior to 14.2.2.0, 15.x prior to 15.2.12.0, or 16.x prior to 16.2.2.0. It is, therefore, affected by\nmultiple vulnerabilities in the Primavera Desktop Integration subcomponent. These vulnerabilities are easily exploitable\nand allow a high privileged, remote attacker with network access via HTTP to compromise the Primavera Gateway. Attacks\ncan result in a takeover of the Primavera Gateway (CVE-2017-3508) or unauthorized access to data or a denial of service\n(DoS) condition (CVE-2017-3500),\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.", "edition": 15, "cvss3": {"score": 9.1, "vector": "AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H"}, "published": "2020-01-16T00:00:00", "title": "Oracle Primavera Gateway Multiple Vulnerabilities (Apri 2017 CPU)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2017-3508", "CVE-2017-3500"], "modified": "2021-01-02T00:00:00", "cpe": ["x-cpe:/a:oracle:primavera_gateway"], "id": "ORACLE_PRIMAVERA_GATEWAY_CPU_APR_2017.NASL", "href": "https://www.tenable.com/plugins/nessus/132955", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(132955);\n script_version(\"1.3\");\n script_cvs_date(\"Date: 2020/01/18\");\n\n script_cve_id(\"CVE-2017-3500\", \"CVE-2017-3508\");\n script_bugtraq_id(97881, 97883);\n\n script_name(english:\"Oracle Primavera Gateway Multiple Vulnerabilities (Apri 2017 CPU)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"An application running on the remote web server is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to its self-reported version number, the Oracle Primavera Gateway installation running on the remote web\nserver is 1.x, 14.x prior to 14.2.2.0, 15.x prior to 15.2.12.0, or 16.x prior to 16.2.2.0. It is, therefore, affected by\nmultiple vulnerabilities in the Primavera Desktop Integration subcomponent. These vulnerabilities are easily exploitable\nand allow a high privileged, remote attacker with network access via HTTP to compromise the Primavera Gateway. Attacks\ncan result in a takeover of the Primavera Gateway (CVE-2017-3508) or unauthorized access to data or a denial of service\n(DoS) condition (CVE-2017-3500),\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.oracle.com/security-alerts/cpuapr2017.html#AppendixPVA\");\n script_set_attribute(attribute:\"see_also\", value:\"https://support.oracle.com/rs?type=doc&id=2243231.1\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Oracle Primavera Gateway version 14.2.2.0 / 15.2.12.0 / 16.2.2.0 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2017-3508\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/04/24\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/04/18\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/01/16\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"cpe\", value:\"x-cpe:/a:oracle:primavera_gateway\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"CGI abuses\");\n\n script_copyright(english:\"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"oracle_primavera_gateway.nbin\");\n script_require_keys(\"installed_sw/Oracle Primavera Gateway\");\n script_require_ports(\"Services/www\", 8006);\n\n exit(0);\n}\n\ninclude('http.inc');\ninclude('vcf.inc');\n\napp = 'Oracle Primavera Gateway';\n\nget_install_count(app_name:app, exit_if_zero:TRUE);\n\nport = get_http_port(default:8006);\n\napp_info = vcf::get_app_info(app:app, port:port);\n\nvcf::check_granularity(app_info:app_info, sig_segments:2);\n\nconstraints = [\n { 'min_version' : '1.0.0', 'max_version' : '2.0.0', 'fixed_version' : '14.2.2.0' },\n { 'min_version' : '14.0.0', 'fixed_version' : '14.2.2.0' },\n { 'min_version' : '15.0.0', 'fixed_version' : '15.2.12.0' },\n { 'min_version' : '16.0.0', 'fixed_version' : '16.2.2.0' }\n];\n\nvcf::check_version_and_report(app_info:app_info, constraints:constraints, severity:SECURITY_WARNING);\n\n", "cvss": {"score": 6.5, "vector": "AV:N/AC:L/Au:S/C:P/I:P/A:P"}}], "oracle": [{"lastseen": "2019-05-29T18:21:19", "bulletinFamily": "software", "cvelist": ["CVE-2017-3543", "CVE-2017-3565", "CVE-2017-3556", "CVE-2017-3495", "CVE-2017-3480", "CVE-2017-3585", "CVE-2017-3474", "CVE-2017-3518", "CVE-2017-3549", "CVE-2017-3607", "CVE-2015-5351", "CVE-2017-3434", "CVE-2017-3608", "CVE-2016-8620", "CVE-2015-1792", "CVE-2016-8623", "CVE-2017-3597", "CVE-2016-6796", "CVE-2017-3304", "CVE-2016-5420", "CVE-2017-3552", "CVE-2017-3586", "CVE-2017-3511", "CVE-2017-3356", "CVE-2017-3559", "CVE-2017-3581", "CVE-2017-3462", "CVE-2017-3524", "CVE-2017-3337", "CVE-2017-3579", "CVE-2016-6288", "CVE-2017-3347", "CVE-2016-4436", "CVE-2016-6290", "CVE-2016-8615", "CVE-2016-8616", "CVE-2017-3560", "CVE-2016-5019", "CVE-2016-8619", "CVE-2015-3236", "CVE-2017-3342", "CVE-2016-6306", "CVE-2017-3530", "CVE-2017-3541", "CVE-2017-3527", "CVE-2015-1789", "CVE-2017-3610", "CVE-2016-2183", "CVE-2017-3460", "CVE-2017-3432", "CVE-2017-3573", "CVE-2017-3487", "CVE-2017-3493", "CVE-2017-3528", "CVE-2015-0286", "CVE-2016-2178", "CVE-2017-3514", "CVE-2013-2005", "CVE-2017-3507", "CVE-2017-3478", "CVE-2017-3611", "CVE-2015-3195", "CVE-2017-3516", "CVE-2016-8743", "CVE-2017-3592", "CVE-2017-3571", "CVE-2017-3525", "CVE-2017-3563", "CVE-2017-3482", "CVE-2017-3476", "CVE-2016-8625", "CVE-2016-8618", "CVE-2017-3606", "CVE-2016-0714", "CVE-2016-3092", "CVE-2017-3477", "CVE-2014-3571", "CVE-2017-3506", "CVE-2017-3540", "CVE-2017-3471", "CVE-2016-6302", "CVE-2013-1985", "CVE-2017-3499", "CVE-2016-2177", "CVE-2017-3233", "CVE-2017-3569", "CVE-2013-1982", "CVE-2017-3465", "CVE-2017-3230", "CVE-2012-5883", "CVE-2017-3232", "CVE-2017-3619", "CVE-2016-0729", "CVE-2016-0635", "CVE-2016-2105", "CVE-2017-3622", "CVE-2013-1984", "CVE-2017-3513", "CVE-2017-3489", "CVE-2017-3306", "CVE-2017-3508", "CVE-2017-3459", "CVE-2016-2107", "CVE-2017-3568", "CVE-2016-7055", "CVE-2016-3607", "CVE-2015-7501", "CVE-2017-3510", "CVE-2017-3731", "CVE-2017-3625", "CVE-2016-6307", "CVE-2017-3572", "CVE-2013-2003", "CVE-2017-3536", "CVE-2017-3302", "CVE-2016-2510", "CVE-2017-3512", "CVE-2017-3503", "CVE-2017-5638", "CVE-2017-3564", "CVE-2016-8617", "CVE-2017-3626", "CVE-2016-0762", "CVE-2017-3502", "CVE-2016-1182", "CVE-2013-1987", "CVE-2017-3612", "CVE-2016-0763", "CVE-2017-3515", "CVE-2017-3463", "CVE-2017-3521", "CVE-2012-0920", "CVE-2016-6308", "CVE-2016-6816", "CVE-2016-2180", "CVE-2017-3591", "CVE-2017-3520", "CVE-2017-3578", "CVE-2017-3355", "CVE-2017-3547", "CVE-2013-1983", "CVE-2017-3613", "CVE-2012-5881", "CVE-2017-3621", "CVE-2017-3497", "CVE-2016-2109", "CVE-2015-5252", "CVE-2017-3456", "CVE-2017-3537", "CVE-2016-2181", "CVE-2017-3601", "CVE-2017-3523", "CVE-2017-3595", "CVE-2016-6304", "CVE-2017-3500", "CVE-2017-3580", "CVE-2014-0114", "CVE-2017-3483", "CVE-2017-3490", "CVE-2017-3451", "CVE-2017-3732", "CVE-2016-5407", "CVE-2017-3594", "CVE-2017-3604", "CVE-2017-3237", "CVE-2017-3618", "CVE-2017-3473", "CVE-2017-3331", "CVE-2017-3504", "CVE-2017-3574", "CVE-2017-3593", "CVE-2013-1995", "CVE-2012-5882", "CVE-2016-6817", "CVE-2017-3309", "CVE-2015-3237", "CVE-2017-3575", "CVE-2017-3329", "CVE-2016-6295", "CVE-2017-3509", "CVE-2017-3491", "CVE-2017-3492", "CVE-2016-6297", "CVE-2016-8622", "CVE-2016-6292", "CVE-2015-1788", "CVE-2017-3505", "CVE-2017-3533", "CVE-2017-3535", "CVE-2017-3605", "CVE-2017-3587", "CVE-2016-3504", "CVE-2017-3308", "CVE-2016-7052", "CVE-2017-3546", "CVE-2017-3558", "CVE-2017-3542", "CVE-2017-3496", "CVE-2017-3467", "CVE-2016-5018", "CVE-2017-3481", "CVE-2017-3345", "CVE-2014-3596", "CVE-2017-3548", "CVE-2017-3602", "CVE-2016-6289", "CVE-2015-0204", "CVE-2017-3583", "CVE-2016-0706", "CVE-2017-3457", "CVE-2017-3609", "CVE-2012-1007", "CVE-2017-3544", "CVE-2017-3603", "CVE-2013-1986", "CVE-2013-2002", "CVE-2017-3554", "CVE-2017-3475", "CVE-2016-8624", "CVE-2017-3570", "CVE-2016-1181", "CVE-2016-5483", "CVE-2016-3739", "CVE-2017-3486", "CVE-2017-3485", "CVE-2013-2566", "CVE-2016-2176", "CVE-2016-8735", "CVE-2015-1790", "CVE-2017-3453", "CVE-2017-3470", "CVE-2016-6294", "CVE-2017-3577", "CVE-2016-6305", "CVE-2017-3538", "CVE-2016-6303", "CVE-2017-3498", "CVE-2017-3526", "CVE-2017-3461", "CVE-2017-3393", "CVE-2017-3464", "CVE-2017-3620", "CVE-2017-3561", "CVE-2016-2182", "CVE-2017-3616", "CVE-2017-3501", "CVE-2017-3600", "CVE-2016-5421", "CVE-2017-3288", "CVE-2017-3522", "CVE-2016-5551", "CVE-2017-3531", "CVE-2017-3551", "CVE-2017-3582", "CVE-2017-3614", "CVE-2017-3458", "CVE-2017-3539", "CVE-2017-3469", "CVE-2004-2761", "CVE-2017-3589", "CVE-2017-3450", "CVE-2015-7940", "CVE-2016-3674", "CVE-2017-3599", "CVE-2017-3555", "CVE-2017-3584", "CVE-2017-3468", "CVE-2017-3615", "CVE-2017-3494", "CVE-2017-3557", "CVE-2017-3596", "CVE-2017-3519", "CVE-2016-6794", "CVE-2016-3506", "CVE-2017-3576", "CVE-2017-3254", "CVE-2017-3307", "CVE-2016-5419", "CVE-2017-3488", "CVE-2017-3553", "CVE-2017-3305", "CVE-2017-3534", "CVE-2017-3479", "CVE-2016-4802", "CVE-2017-3730", "CVE-2017-3623", "CVE-2016-6797", "CVE-2016-2179", "CVE-2017-3452", "CVE-2016-2106", "CVE-2016-6291", "CVE-2017-3517", "CVE-2017-3545", "CVE-2015-4852", "CVE-2017-3550", "CVE-2017-3472", "CVE-2017-3484", "CVE-2017-3234", "CVE-2013-5209", "CVE-2017-3454", "CVE-2017-3598", "CVE-2015-1791", "CVE-2016-8621", "CVE-2016-6296", "CVE-2017-3455", "CVE-2017-3590", "CVE-2017-3567", "CVE-2017-3532", "CVE-2016-6309", "CVE-2013-1998", "CVE-2017-3617"], "description": "A Critical Patch Update (CPU) is a collection of patches for multiple security vulnerabilities. Critical Patch Update patches are usually cumulative, but each advisory describes only the security fixes added since the previous Critical Patch Update advisory. Thus, prior Critical Patch Update advisories should be reviewed for information regarding earlier published security fixes. Please refer to:\n\n[Critical Patch Updates and Security Alerts](<http://www.oracle.com/technetwork/topics/security/alerts-086861.html>) for information about Oracle Security Advisories.\n\n**Oracle continues to periodically receive reports of attempts to maliciously exploit vulnerabilities for which Oracle has already released fixes. In some instances, it has been reported that attackers have been successful because targeted customers had failed to apply available Oracle patches. Oracle therefore _strongly_ recommends that customers remain on actively-supported versions and apply Critical Patch Update fixes _without_ delay.**\n\nThis Critical Patch Update contains 300 new security fixes across the product families listed below. Please note that a MOS note summarizing the content of this Critical Patch Update and other Oracle Software Security Assurance activities is located at [April 2017 Critical Patch Update: Executive Summary and Analysis](<https://support.oracle.com/rs?type=doc&id=2252203.1>).\n\nPlease note that the vulnerabilities in this Critical Patch Update are scored using version 3.0 of Common Vulnerability Scoring Standard (CVSS).\n\nThis Critical Patch Update advisory is also available in an XML format that conforms to the Common Vulnerability Reporting Format (CVRF) version 1.1. More information about Oracle's use of CVRF is available [here](<http://www.oracle.com/technetwork/topics/security/cpufaq-098434.html#CVRF>).\n", "modified": "2017-06-20T00:00:00", "published": "2017-04-18T00:00:00", "id": "ORACLE:CPUAPR2017-3236618", "href": "", "type": "oracle", "title": "Oracle Critical Patch Update - April 2017", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-10-04T21:15:59", "bulletinFamily": "software", "cvelist": ["CVE-2004-2761", "CVE-2012-0920", "CVE-2012-1007", "CVE-2012-5881", "CVE-2012-5882", "CVE-2012-5883", "CVE-2013-1982", "CVE-2013-1983", "CVE-2013-1984", "CVE-2013-1985", "CVE-2013-1986", "CVE-2013-1987", "CVE-2013-1995", "CVE-2013-1998", "CVE-2013-2002", "CVE-2013-2003", "CVE-2013-2005", "CVE-2013-2566", "CVE-2013-5209", "CVE-2014-0114", "CVE-2014-3571", "CVE-2014-3596", "CVE-2015-0204", "CVE-2015-0286", "CVE-2015-1788", "CVE-2015-1789", "CVE-2015-1790", "CVE-2015-1791", "CVE-2015-1792", "CVE-2015-3195", "CVE-2015-3236", "CVE-2015-3237", "CVE-2015-4852", "CVE-2015-5252", "CVE-2015-5351", "CVE-2015-7501", "CVE-2015-7940", "CVE-2016-0635", "CVE-2016-0706", "CVE-2016-0714", "CVE-2016-0729", "CVE-2016-0762", "CVE-2016-0763", "CVE-2016-1181", "CVE-2016-1182", "CVE-2016-2105", "CVE-2016-2106", "CVE-2016-2107", "CVE-2016-2109", "CVE-2016-2176", "CVE-2016-2177", "CVE-2016-2178", "CVE-2016-2179", "CVE-2016-2180", "CVE-2016-2181", "CVE-2016-2182", "CVE-2016-2183", "CVE-2016-2510", "CVE-2016-3092", "CVE-2016-3504", "CVE-2016-3506", "CVE-2016-3607", "CVE-2016-3674", "CVE-2016-3739", "CVE-2016-4436", "CVE-2016-4802", "CVE-2016-5018", "CVE-2016-5019", "CVE-2016-5407", "CVE-2016-5419", "CVE-2016-5420", "CVE-2016-5421", "CVE-2016-5483", "CVE-2016-5551", "CVE-2016-6288", "CVE-2016-6289", "CVE-2016-6290", "CVE-2016-6291", "CVE-2016-6292", "CVE-2016-6294", "CVE-2016-6295", "CVE-2016-6296", "CVE-2016-6297", "CVE-2016-6302", "CVE-2016-6303", "CVE-2016-6304", "CVE-2016-6305", "CVE-2016-6306", "CVE-2016-6307", "CVE-2016-6308", "CVE-2016-6309", "CVE-2016-6794", "CVE-2016-6796", "CVE-2016-6797", "CVE-2016-6816", "CVE-2016-6817", "CVE-2016-7052", "CVE-2016-7055", "CVE-2016-8615", "CVE-2016-8616", "CVE-2016-8617", "CVE-2016-8618", "CVE-2016-8619", "CVE-2016-8620", "CVE-2016-8621", "CVE-2016-8622", "CVE-2016-8623", "CVE-2016-8624", "CVE-2016-8625", "CVE-2016-8735", "CVE-2016-8743", "CVE-2017-3230", "CVE-2017-3232", "CVE-2017-3233", "CVE-2017-3234", "CVE-2017-3237", "CVE-2017-3254", "CVE-2017-3288", "CVE-2017-3302", "CVE-2017-3304", "CVE-2017-3305", "CVE-2017-3306", "CVE-2017-3307", "CVE-2017-3308", "CVE-2017-3309", "CVE-2017-3329", "CVE-2017-3331", "CVE-2017-3337", "CVE-2017-3342", "CVE-2017-3345", "CVE-2017-3347", "CVE-2017-3355", "CVE-2017-3356", "CVE-2017-3393", "CVE-2017-3432", "CVE-2017-3434", "CVE-2017-3450", "CVE-2017-3451", "CVE-2017-3452", "CVE-2017-3453", "CVE-2017-3454", "CVE-2017-3455", "CVE-2017-3456", "CVE-2017-3457", "CVE-2017-3458", "CVE-2017-3459", "CVE-2017-3460", "CVE-2017-3461", "CVE-2017-3462", "CVE-2017-3463", "CVE-2017-3464", "CVE-2017-3465", "CVE-2017-3467", "CVE-2017-3468", "CVE-2017-3469", "CVE-2017-3470", "CVE-2017-3471", "CVE-2017-3472", "CVE-2017-3473", "CVE-2017-3474", "CVE-2017-3475", "CVE-2017-3476", "CVE-2017-3477", "CVE-2017-3478", "CVE-2017-3479", "CVE-2017-3480", "CVE-2017-3481", "CVE-2017-3482", "CVE-2017-3483", "CVE-2017-3484", "CVE-2017-3485", "CVE-2017-3486", "CVE-2017-3487", "CVE-2017-3488", "CVE-2017-3489", "CVE-2017-3490", "CVE-2017-3491", "CVE-2017-3492", "CVE-2017-3493", "CVE-2017-3494", "CVE-2017-3495", "CVE-2017-3496", "CVE-2017-3497", "CVE-2017-3498", "CVE-2017-3499", "CVE-2017-3500", "CVE-2017-3501", "CVE-2017-3502", "CVE-2017-3503", "CVE-2017-3504", "CVE-2017-3505", "CVE-2017-3506", "CVE-2017-3507", "CVE-2017-3508", "CVE-2017-3509", "CVE-2017-3510", "CVE-2017-3511", "CVE-2017-3512", "CVE-2017-3513", "CVE-2017-3514", "CVE-2017-3515", "CVE-2017-3516", "CVE-2017-3517", "CVE-2017-3518", "CVE-2017-3519", "CVE-2017-3520", "CVE-2017-3521", "CVE-2017-3522", "CVE-2017-3523", "CVE-2017-3524", "CVE-2017-3525", "CVE-2017-3526", "CVE-2017-3527", "CVE-2017-3528", "CVE-2017-3530", "CVE-2017-3531", "CVE-2017-3532", "CVE-2017-3533", "CVE-2017-3534", "CVE-2017-3535", "CVE-2017-3536", "CVE-2017-3537", "CVE-2017-3538", "CVE-2017-3539", "CVE-2017-3540", "CVE-2017-3541", "CVE-2017-3542", "CVE-2017-3543", "CVE-2017-3544", "CVE-2017-3545", "CVE-2017-3546", "CVE-2017-3547", "CVE-2017-3548", "CVE-2017-3549", "CVE-2017-3550", "CVE-2017-3551", "CVE-2017-3552", "CVE-2017-3553", "CVE-2017-3554", "CVE-2017-3555", "CVE-2017-3556", "CVE-2017-3557", "CVE-2017-3558", "CVE-2017-3559", "CVE-2017-3560", "CVE-2017-3561", "CVE-2017-3563", "CVE-2017-3564", "CVE-2017-3565", "CVE-2017-3567", "CVE-2017-3568", "CVE-2017-3569", "CVE-2017-3570", "CVE-2017-3571", "CVE-2017-3572", "CVE-2017-3573", "CVE-2017-3574", "CVE-2017-3575", "CVE-2017-3576", "CVE-2017-3577", "CVE-2017-3578", "CVE-2017-3579", "CVE-2017-3580", "CVE-2017-3581", "CVE-2017-3582", "CVE-2017-3583", "CVE-2017-3584", "CVE-2017-3585", "CVE-2017-3586", "CVE-2017-3587", "CVE-2017-3589", "CVE-2017-3590", "CVE-2017-3591", "CVE-2017-3592", "CVE-2017-3593", "CVE-2017-3594", "CVE-2017-3595", "CVE-2017-3596", "CVE-2017-3597", "CVE-2017-3598", "CVE-2017-3599", "CVE-2017-3600", "CVE-2017-3601", "CVE-2017-3602", "CVE-2017-3603", "CVE-2017-3604", "CVE-2017-3605", "CVE-2017-3606", "CVE-2017-3607", "CVE-2017-3608", "CVE-2017-3609", "CVE-2017-3610", "CVE-2017-3611", "CVE-2017-3612", "CVE-2017-3613", "CVE-2017-3614", "CVE-2017-3615", "CVE-2017-3616", "CVE-2017-3617", "CVE-2017-3618", "CVE-2017-3619", "CVE-2017-3620", "CVE-2017-3621", "CVE-2017-3622", "CVE-2017-3623", "CVE-2017-3625", "CVE-2017-3626", "CVE-2017-3730", "CVE-2017-3731", "CVE-2017-3732", "CVE-2017-5638"], "description": "A Critical Patch Update (CPU) is a collection of patches for multiple security vulnerabilities. Critical Patch Update patches are usually cumulative, but each advisory describes only the security fixes added since the previous Critical Patch Update advisory. Thus, prior Critical Patch Update advisories should be reviewed for information regarding earlier published security fixes. Please refer to:\n\nCritical Patch Updates and Security Alerts for information about Oracle Security Advisories.\n\n**Oracle continues to periodically receive reports of attempts to maliciously exploit vulnerabilities for which Oracle has already released fixes. In some instances, it has been reported that attackers have been successful because targeted customers had failed to apply available Oracle patches. Oracle therefore _strongly_ recommends that customers remain on actively-supported versions and apply Critical Patch Update fixes _without_ delay.**\n\nThis Critical Patch Update contains 300 new security fixes across the product families listed below. Please note that a MOS note summarizing the content of this Critical Patch Update and other Oracle Software Security Assurance activities is located at [April 2017 Critical Patch Update: Executive Summary and Analysis](<https://support.oracle.com/epmos/faces/DocumentDisplay?id=2252203.1>).\n\nPlease note that the vulnerabilities in this Critical Patch Update are scored using version 3.0 of Common Vulnerability Scoring Standard (CVSS).\n\nThis Critical Patch Update advisory is also available in an XML format that conforms to the Common Vulnerability Reporting Format (CVRF) version 1.1. More information about Oracle's use of CVRF is available here.\n", "modified": "2017-06-20T00:00:00", "published": "2017-04-18T00:00:00", "id": "ORACLE:CPUAPR2017", "href": "", "type": "oracle", "title": "Oracle Critical Patch Update Advisory - April 2017", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}]}
