| Summary | Unspecified vulnerability in the Enterprise Manager Ops Center component in Oracle Enterprise Manager Grid Control 12.1.4, 12.2.2, and 12.3.2; the Oracle Health Sciences Information Manager component in Oracle Health Sciences Applications 1.2.8.3, 2.0.2.3, and 3.0.1.0; the Oracle Healthcare Master Person Index component in Oracle Health Sciences Applications 2.0.12, 3.0.0, and 4.0.1; the Oracle Documaker component in Oracle Insurance Applications before 12.5; the Oracle Insurance Calculation Engine component in Oracle Insurance Applications 9.7.1, 10.1.2, and 10.2.2; the Oracle Insurance Policy Administration J2EE and Oracle Insurance Rules Palette components in Oracle Insurance Applications 9.6.1, 9.7.1, 10.0.1, 10.1.2, 10.2.0, and 10.2.2; the Oracle Retail Integration Bus component in Oracle Retail Applications 15.0; the Oracle Retail Order Broker component in Oracle Retail Applications 5.1, 5.2, and 15.0; the Primavera Contract Management component in Oracle Primavera Products Suite 14.2; the Primavera P6 Enterprise Project Portfolio Management component in Oracle Primavera Products Suite 8.2, 8.3, 8.4, 15.1, 15.2, and 16.1; the Oracle Financial Services Analytical Applications Infrastructure component in Oracle Financial Services Applications 8.0.0, 8.0.1, 8.0.2, and 8.0.3; the Oracle Commerce Guided Search / Oracle Commerce Experience Manager component in Oracle Commerce 3.1.1, 3.1.2, 11.0, 11.1, and 11.2; the Oracle Agile PLM component in Oracle Supply Chain Products Suite 9.3.4 and 9.3.5; the Oracle Communications BRM - Elastic Charging Engine 11.2.0.0.0 and 11.3.0.0.0; the Oracle Enterprise Repository Enterprise Repository 12.1.3.0.0; the Oracle Financial Services Behavior Detection Platform 8.0.1 and 8.0.2; the Oracle Hyperion Essbase 12.2.1.1; the Oracle Tuxedo System and Applications Monitor (TSAM) 11.1.1.2.0, 11.1.1.2.1, 11.1.1.2.1, 12.1.1.1.0, 12.1.3.0.0, and 12.2.2.0.0; the Oracle Communications WebRTC Session Controller component of Oracle Communications Applications (subcomponent: Security (Spring)) 7.0, 7.1 and 7.2; the Oracle Endeca Information Discovery Integrator 3.2; the Converged Commerce component of Oracle Retail Applications 16.0.1; the Oracle Identity Manager 11.1.2.3.0; Oracle Enterprise Manager for MySQL Database 12.1.0.4; Oracle Retail Invoice Matching 12.0, 13.0, 13.1, 13.2, 14.0, and 14.1; Oracle Communications Performance Intelligence Center (PIC) Software Prior to 10.2.1 and the Oracle Knowledge component of Oracle Siebel CRM (subcomponent: AnswerFlow (Spring Framework)) version 8.5.1.0 - 8.5.1.7 and 8.6.0 allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors. |
|---|---|
| Publication Date | July 21, 2016, 7:12 p.m. |
| Registration Date | Jan. 26, 2021, 2:04 p.m. |
| Last Update | Nov. 21, 2024, 11:42 a.m. |
| CVSS3.0 : HIGH | |
| スコア | 8.8 |
|---|---|
| Vector | CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
| 攻撃元区分(AV) | ネットワーク |
| 攻撃条件の複雑さ(AC) | 低 |
| 攻撃に必要な特権レベル(PR) | 低 |
| 利用者の関与(UI) | 不要 |
| 影響の想定範囲(S) | 変更なし |
| 機密性への影響(C) | 高 |
| 完全性への影響(I) | 高 |
| 可用性への影響(A) | 高 |
| CVSS2.0 : HIGH | |
| Score | 9.0 |
|---|---|
| Vector | AV:N/AC:L/Au:S/C:C/I:C/A:C |
| 攻撃元区分(AV) | ネットワーク |
| 攻撃条件の複雑さ(AC) | 低 |
| 攻撃前の認証要否(Au) | 単一 |
| 機密性への影響(C) | 高 |
| 完全性への影響(I) | 高 |
| 可用性への影響(A) | 高 |
| Get all privileges. | いいえ |
| Get user privileges | いいえ |
| Get other privileges | いいえ |
| User operation required | いいえ |
| Configuration1 | or higher | or less | more than | less than | |
| cpe:2.3:a:oracle:documaker:*:*:*:*:*:*:*:* | 12.5 | ||||
| cpe:2.3:a:oracle:insurance_policy_administration_j2ee:10.2.2:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:oracle:insurance_calculation_engine:10.2.2:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:oracle:insurance_policy_administration_j2ee:10.2.0:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:oracle:insurance_calculation_engine:10.1.2:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:oracle:insurance_rules_palette:10.1.2:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:oracle:insurance_rules_palette:9.7.1:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:oracle:insurance_policy_administration_j2ee:9.7.1:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:oracle:enterprise_manager_ops_center:12.2.2:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:oracle:insurance_rules_palette:10.2.2:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:oracle:primavera_p6_enterprise_project_portfolio_management:8.2:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:oracle:retail_order_broker_cloud_service:5.1:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:oracle:insurance_rules_palette:10.0.1:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:oracle:insurance_calculation_engine:9.7.1:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:oracle:primavera_p6_enterprise_project_portfolio_management:8.3:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:oracle:insurance_policy_administration_j2ee:10.0.1:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:oracle:primavera_p6_enterprise_project_portfolio_management:15.1:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:oracle:primavera_contract_management:14.2:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:oracle:insurance_policy_administration_j2ee:9.6.1:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:oracle:health_sciences_information_manager:1.2.8.3:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:oracle:enterprise_manager_ops_center:12.3.2:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:oracle:health_sciences_information_manager:3.0.1.0:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:oracle:retail_order_broker_cloud_service:15.0:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:oracle:healthcare_master_person_index:2.0.12:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:oracle:enterprise_manager_ops_center:12.1.4:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:oracle:insurance_rules_palette:10.2.0:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:oracle:health_sciences_information_manager:2.0.2.3:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:oracle:primavera_p6_enterprise_project_portfolio_management:16.1:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:oracle:healthcare_master_person_index:3.0.0:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:oracle:insurance_rules_palette:9.6.1:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:oracle:healthcare_master_person_index:4.0.1:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:oracle:insurance_policy_administration_j2ee:10.1.2:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:oracle:retail_order_broker_cloud_service:5.2:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:oracle:retail_integration_bus:15.0:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:oracle:primavera_p6_enterprise_project_portfolio_management:15.2:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:oracle:primavera_p6_enterprise_project_portfolio_management:8.4:*:*:*:*:*:*:* | |||||
| Title | 複数の Oracle 製品における脆弱性 |
|---|---|
| Summary | 複数の Oracle 製品には、機密性、完全性、および可用性に影響のある脆弱性が存在します。 |
| Possible impacts | リモート認証されたユーザにより、情報を取得される、情報を改ざんされる、およびサービス運用妨害 (DoS) 攻撃が行われる可能性があります。 |
| Solution | ベンダより正式な対策が公開されています。ベンダ情報を参照して適切な対策を実施してください。 |
| Publication Date | July 19, 2016, midnight |
| Registration Date | July 26, 2016, 11:27 a.m. |
| Last Update | Nov. 22, 2016, 4:17 p.m. |
| オラクル |
| Oracle Agile PLM 9.3.4 |
| Oracle Agile PLM 9.3.5 |
| Oracle Commerce Guided Search / Oracle Commerce Experience Manager 11.0 |
| Oracle Commerce Guided Search / Oracle Commerce Experience Manager 11.1 |
| Oracle Commerce Guided Search / Oracle Commerce Experience Manager 11.2 |
| Oracle Commerce Guided Search / Oracle Commerce Experience Manager 3.1.1 |
| Oracle Commerce Guided Search / Oracle Commerce Experience Manager 3.1.2 |
| Oracle Documaker 12.5 まで |
| Oracle Enterprise Manager Ops Center 12.1.4 |
| Oracle Enterprise Manager Ops Center 12.2.2 |
| Oracle Enterprise Manager Ops Center 12.3.2 |
| Oracle Financial Services Analytical Applications Infrastructure 8.0.0 |
| Oracle Financial Services Analytical Applications Infrastructure 8.0.1 |
| Oracle Financial Services Analytical Applications Infrastructure 8.0.2 |
| Oracle Financial Services Analytical Applications Infrastructure 8.0.3 |
| Oracle Health Sciences Information Manager 1.2.8.3 |
| Oracle Health Sciences Information Manager 2.0.2.3 |
| Oracle Health Sciences Information Manager 3.0.1.0 |
| Oracle Healthcare Master Person Index 2.0.12 |
| Oracle Healthcare Master Person Index 3.0.0 |
| Oracle Healthcare Master Person Index 4.0.1 |
| Oracle Insurance Calculation Engine 10.1.2 |
| Oracle Insurance Calculation Engine 10.2.2 |
| Oracle Insurance Calculation Engine 9.7.1 |
| Oracle Insurance Policy Administration J2EE 10.0.1 |
| Oracle Insurance Policy Administration J2EE 10.1.2 |
| Oracle Insurance Policy Administration J2EE 10.2.0 |
| Oracle Insurance Policy Administration J2EE 10.2.2 |
| Oracle Insurance Policy Administration J2EE 9.6.1 |
| Oracle Insurance Policy Administration J2EE 9.7.1 |
| Oracle Insurance Rules Palette 10.0.1 |
| Oracle Insurance Rules Palette 10.1.2 |
| Oracle Insurance Rules Palette 10.2.0 |
| Oracle Insurance Rules Palette 10.2.2 |
| Oracle Insurance Rules Palette 9.6.1 |
| Oracle Insurance Rules Palette 9.7.1 |
| Oracle Retail Applications の Oracle Retail Order Broker 15.0 |
| Oracle Retail Applications の Oracle Retail Order Broker 5.1 |
| Oracle Retail Applications の Oracle Retail Order Broker 5.2 |
| Oracle Retail Integration Bus 15.0 |
| Primavera Contract Management 14.2 |
| Primavera P6 Enterprise Project Portfolio Management 15.1 |
| Primavera P6 Enterprise Project Portfolio Management 15.2 |
| Primavera P6 Enterprise Project Portfolio Management 16.1 |
| Primavera P6 Enterprise Project Portfolio Management 8.2 |
| Primavera P6 Enterprise Project Portfolio Management 8.3 |
| Primavera P6 Enterprise Project Portfolio Management 8.4 |
| No | Changed Details | Date of change |
|---|---|---|
| 0 | [2016年07月26日] 掲載 [2016年11月22日] 影響を受けるシステム:ベンダ情報の追加に伴い内容を更新 ベンダ情報:オラクル (Oracle Critical Patch Update Advisory - October 2016) を追加 ベンダ情報:オラクル (Text Form of Oracle Critical Patch Update - October 2016 Risk Matrices) を追加 ベンダ情報:オラクル (October 2016 Critical Patch Update Released) を追加 |
Feb. 17, 2018, 10:37 a.m. |