Kaspersky LabKLA10639KLA10639 Multiple vulnerabilities in Oracle products
9 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:S/C:C/I:C/A:C
0.003 Low
EPSS
Percentile
70.4%
Detect date:
07/17/2015
Severity:
Critical
Description:
Unspecified vulnerabilities were found in Oracle Supply Chain Products Suite, Oracle Database Server, Oracle Commerce Platform and Oracle Enterprise Manager. By exploiting this vulnerability malicious users can affect confidentiality, integrity and availability. This vulnerabilities can be exploited via vectors related to Oracle Agile PLM Framework, Business Process Automation, Content Acquisition System, Content Management, RAC Management, Content Acquisition System, Security, Diagnostics and unknown vectors.
Affected products:
Oracle Supply Chain Products Suite versions 6.1, 6.2, 6.3.0 through 6.3.7, 9.3.3 and 9.3.4
Oracle Database Server versions prior to 4.2.3.00.08, 11.1.0.7, 11.2.0.3, 11.2.0.4, 12.1.0.1, 12.1.0.2
Oracle Commerce Platform versions 3.0.2, 3.1.1, 3.1.2, 11.0, and 11.1
Oracle Enterprise Manager Grid Control EM Base Platform version 11.1.0.1
Oracle Enterprise Manager Grid Control EM Plugin for DB versions 12.1.0.5, 12.1.0.6, 12.1.0.7
Oracle Enterprise Manager Grid Control EM DB Control versions 11.1.0.7, 11.2.0.3 and 11.2.0.4
Solution:
Update to the latest version
Get latest versions
Original advisories:
Impacts:
OSI
Related products:
CVE-IDS:
CVE-2015-2663
CVE-2015-2660
CVE-2015-2599
CVE-2015-2585
CVE-2015-2607
CVE-2015-4735
CVE-2015-2644
CVE-2015-2646
CVE-2015-2655
CVE-2015-2657
CVE-2015-2647
CVE-2015-2653
CVE-2015-2629
CVE-2015-4768
CVE-2015-4740
CVE-2015-2595
CVE-2015-2586
CVE-2015-4755
References
www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2585
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2586
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2595
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2599
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2607
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2629
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2644
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2646
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2647
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2653
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2655
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2657
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2660
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2663
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4735
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4740
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4755
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4768
statistics.securelist.com/vulnerability-scan/month
threats.kaspersky.com/en/product/Oracle-Commerce-Platform/
threats.kaspersky.com/en/product/Oracle-Database/
threats.kaspersky.com/en/product/Oracle-Enterprise-Manager-Grid-Control/
threats.kaspersky.com/en/product/Oracle-Supply-Chain-Products-Suite/
tps://www.oracle.com/downloads/index.html
Related
9 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:S/C:C/I:C/A:C
0.003 Low
EPSS
Percentile
70.4%