CVE-2016-0635 in Oracle Siebel CRMinfo

Summary

Unspecified vulnerability in the Enterprise Manager Ops Center component in Oracle Enterprise Manager Grid Control 12.1.4, 12.2.2, and 12.3.2; the Oracle Health Sciences Information Manager component in Oracle Health Sciences Applications 1.2.8.3, 2.0.2.3, and 3.0.1.0; the Oracle Healthcare Master Person Index component in Oracle Health Sciences Applications 2.0.12, 3.0.0, and 4.0.1; the Oracle Documaker component in Oracle Insurance Applications before 12.5; the Oracle Insurance Calculation Engine component in Oracle Insurance Applications 9.7.1, 10.1.2, and 10.2.2; the Oracle Insurance Policy Administration J2EE and Oracle Insurance Rules Palette components in Oracle Insurance Applications 9.6.1, 9.7.1, 10.0.1, 10.1.2, 10.2.0, and 10.2.2; the Oracle Retail Integration Bus component in Oracle Retail Applications 15.0; the Oracle Retail Order Broker component in Oracle Retail Applications 5.1, 5.2, and 15.0; the Primavera Contract Management component in Oracle Primavera Products Suite 14.2; the Primavera P6 Enterprise Project Portfolio Management component in Oracle Primavera Products Suite 8.2, 8.3, 8.4, 15.1, 15.2, and 16.1; the Oracle Financial Services Analytical Applications Infrastructure component in Oracle Financial Services Applications 8.0.0, 8.0.1, 8.0.2, and 8.0.3; the Oracle Commerce Guided Search / Oracle Commerce Experience Manager component in Oracle Commerce 3.1.1, 3.1.2, 11.0, 11.1, and 11.2; the Oracle Agile PLM component in Oracle Supply Chain Products Suite 9.3.4 and 9.3.5; the Oracle Communications BRM - Elastic Charging Engine 11.2.0.0.0 and 11.3.0.0.0; the Oracle Enterprise Repository Enterprise Repository 12.1.3.0.0; the Oracle Financial Services Behavior Detection Platform 8.0.1 and 8.0.2; the Oracle Hyperion Essbase 12.2.1.1; the Oracle Tuxedo System and Applications Monitor (TSAM) 11.1.1.2.0, 11.1.1.2.1, 11.1.1.2.1, 12.1.1.1.0, 12.1.3.0.0, and 12.2.2.0.0; the Oracle Communications WebRTC Session Controller component of Oracle Communications Applications (subcomponent: Security (Spring)) 7.0, 7.1 and 7.2; the Oracle Endeca Information Discovery Integrator 3.2; the Converged Commerce component of Oracle Retail Applications 16.0.1; the Oracle Identity Manager 11.1.2.3.0; Oracle Enterprise Manager for MySQL Database 12.1.0.4; Oracle Retail Invoice Matching 12.0, 13.0, 13.1, 13.2, 14.0, and 14.1; Oracle Communications Performance Intelligence Center (PIC) Software Prior to 10.2.1 and the Oracle Knowledge component of Oracle Siebel CRM (subcomponent: AnswerFlow (Spring Framework)) version 8.5.1.0 - 8.5.1.7 and 8.6.0 allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors.

Reservation

12/09/2015

Entries

VulDB provides additional information and datapoints for this CVE:

ID	Vulnerability	CWE	Exp	Cou	CVE
133743	Oracle Siebel CRM Oracle Knowledge Local Privilege Escalation		Not defined	Official fix	CVE-2016-0635
129690	Oracle Tape Library ACSLS Spring privilege escalation		Not defined	Official fix	CVE-2016-0635
129465	Oracle Communications Converged Application Server Spring privilege escalation		Not defined	Official fix	CVE-2016-0635
125378	Oracle Communications Performance Intelligence Center (PIC) Software Spring privilege escalation		Not defined	Official fix	CVE-2016-0635
116791	Oracle Retail Invoice Matching Security privilege escalation		Not defined	Official fix	CVE-2016-0635
116620	Oracle Enterprise Manager for MySQL Database EM Plugin: General (Spring Framework) privilege escalation		Not defined	Official fix	CVE-2016-0635
112134	Oracle Converged Commerce Foundation Data privileges management	269	Not defined	Official fix	CVE-2016-0635
112009	Oracle Identity Manager Security privileges management	269	Not defined	Official fix	CVE-2016-0635
108070	Oracle Endeca Information Discovery Integrator Spring cross-site request forgery	352	Not defined	Official fix	CVE-2016-0635
108016	Oracle Communications WebRTC Session Controller Spring cross-site request forgery	352	Not defined	Official fix	CVE-2016-0635
103915	Oracle Financial Services Behavior Detection Platform Spring privilege escalation		Not defined	Official fix	CVE-2016-0635
103907	Oracle Communications BRM Spring privilege escalation		Not defined	Official fix	CVE-2016-0635
103830	Oracle Hyperion Essbase Java Based Agent privilege escalation		Not defined	Official fix	CVE-2016-0635
103798	Oracle Tuxedo System/Applications Monitor Spring cross-site request forgery	352	Not defined	Official fix	CVE-2016-0635
103794	Oracle Enterprise Repository Security privilege escalation		Not defined	Official fix	CVE-2016-0635
100102	Oracle Retail Returns Management privilege escalation		Not defined	Official fix	CVE-2016-0635
100101	Oracle Retail Point-of-Service Mobile POS privilege escalation		Not defined	Official fix	CVE-2016-0635
100100	Oracle Retail Point-of-Service Infrastructure privilege escalation		Not defined	Official fix	CVE-2016-0635
100099	Oracle Retail Invoice Matching privilege escalation		Not defined	Official fix	CVE-2016-0635
100098	Oracle Retail Back Office privilege escalation		Not defined	Official fix	CVE-2016-0635
100061	Oracle FLEXCUBE Private Banking Struts 2 privilege escalation		Not defined	Official fix	CVE-2016-0635
100033	Oracle Communications Network Integrity Spring privilege escalation		Not defined	Official fix	CVE-2016-0635
95704	Oracle MySQL Enterprise Monitor Monitoring privilege escalation		Not defined	Official fix	CVE-2016-0635
95670	Oracle Retail Predictive Application Server RPAS Fusion Client privilege escalation		Not defined	Official fix	CVE-2016-0635
95669	Oracle Retail Assortment Planning Operations / Maintenance privilege escalation		Not defined	Official fix	CVE-2016-0635
95628	Oracle Communications Network Intelligence privilege escalation		Not defined	Official fix	CVE-2016-0635
92980	Oracle Financial Services Analytical Applications Infrastructure Inline Processing privilege escalation		Not defined	Official fix	CVE-2016-0635
92971	Oracle Commerce Guided Search/Commerce Experience Manager Tools/Frameworks privilege escalation		Not defined	Official fix	CVE-2016-0635
92970	Oracle Commerce Guided Search/Commerce Experience Manager Content Acquisition System privilege escalation		Not defined	Official fix	CVE-2016-0635
92967	Oracle Agile PLM Spring privilege escalation		Not defined	Official fix	CVE-2016-0635
90053	Oracle Primavera P6 Enterprise Project Portfolio Management Web access privilege escalation		Not defined	Official fix	CVE-2016-0635
90051	Oracle Primavera Contract Management PCM web services privilege escalation		Not defined	Official fix	CVE-2016-0635
90034	Oracle Retail Order Broker Order Broker Foundation privilege escalation		Not defined	Official fix	CVE-2016-0635
90033	Oracle Retail Integration Bus Install privilege escalation		Not defined	Official fix	CVE-2016-0635
90026	Oracle Insurance Rules Palette Architecture privilege escalation		Not defined	Official fix	CVE-2016-0635
90024	Oracle Insurance Policy Administration J2EE Architecture privilege escalation		Not defined	Official fix	CVE-2016-0635
90022	Oracle Insurance Calculation Engine Architecture privilege escalation		Not defined	Official fix	CVE-2016-0635
90020	Oracle Documaker Development tools privilege escalation		Not defined	Official fix	CVE-2016-0635
90018	Oracle Healthcare Master Person Index Internal operations privilege escalation		Not defined	Official fix	CVE-2016-0635
90016	Oracle Health Sciences Information Manager Health Policy Monitor privilege escalation		Not defined	Official fix	CVE-2016-0635
89913	Oracle Enterprise Manager Ops Center Framework privilege escalation		Not defined	Official fix	CVE-2016-0635

Description

CPE

CWE

CVSS

Exploits

History

Diff

Relate

Threat Intelligence

API JSON

API XML

API CSV

◂ PreviousOverviewNext ▸

Do you need the next level of professionalism?

Upgrade your account now!