CVE# Product Component Protocol RemoteExploitwithoutAuth.? CVSS VERSI

1. CVE# Product Component Protocol Remote
2. Exploit
3. without
4. Auth.? CVSS VERSION 3.0 RISK (see Risk Matrix Definitions) Supported Versions Affected Notes
5. Base
6. Score Attack
7. Vector Attack
8. Complex Privs
9. Req'd User
10. Interact Scope Confid-
11. entiality Inte-
12. grity Avail-
13. ability
14. CVE-2017-10352 Oracle WebLogic Server WLS - Web Services HTTP Yes 9.9 Network Low None None Changed Low Low High 12.2.1.3.0
15. CVE-2017-5461 Oracle Directory Server Enterprise Edition Admin Console (Sun Security Libraries) HTTP Yes 9.8 Network Low None None Un-
16. changed High High High 11.1.1.7.0
17. CVE-2017-5461 Oracle iPlanet Web Server Security (NSS) Multiple Yes 9.8 Network Low None None Un-
18. changed High High High 7.0
19. CVE-2017-5645 Oracle WebLogic Server Sample apps (Apache Log4j) TCP/UDP Yes 9.8 Network Low None None Un-
20. changed High High High 10.3.6.0.0, 12.1.3.0.0, 12.2.1.2.0, 12.2.1.3.0
21. CVE-2016-0635 Oracle Identity Manager Security HTTP No 8.8 Network Low Low None Un-
22. changed High High High 11.1.2.3.0
23. CVE-2015-7501 Oracle Identity Manager Connector CA ACF2 (Apache Commons Collections) HTTP No 8.8 Network Low Low None Un-
24. changed High High High 9.0.4.20.6, 9.0.4.21.0, 9.0.4.25.4
25. CVE-2015-7501 Oracle Identity Manager Security (Apache Commons Collections) HTTP Yes 8.6 Network Low None None Un-
26. changed High Low Low 11.1.2.3.0
27. CVE-2017-10068 Oracle Business Intelligence Enterprise Edition Analytics Web Dashboards HTTP Yes 8.2 Network Low None Required Changed High Low None 12.2.1.3.0
28. CVE-2018-2711 Oracle JDeveloper Security Framework HTTP Yes 8.2 Network Low None Required Changed High Low None 11.1.1.2.4, 11.1.1.7.0, 11.1.1.7.1, 11.1.1.9.0, 12.1.3.0.0
29. CVE-2016-2107 Oracle Mobile Security Suite Internal Development (OpenSSL) HTTPS Yes 8.2 Network Low None None Un-
30. changed Low None High 3.0.1
31. CVE-2018-2564 Oracle WebCenter Content Content Server HTTP Yes 8.2 Network Low None Required Changed Low High None 11.1.1.9.0
32. CVE-2018-2596 Oracle WebCenter Content Content Server HTTP Yes 8.2 Network Low None Required Changed Low High None 11.1.1.9.0, 12.2.1.2.0, 12.2.1.3.0
33. CVE-2016-1182 Oracle WebCenter Portal Security Framework (Apache Struts 1) HTTP Yes 8.2 Network Low None None Un-
34. changed None Low High 11.1.1.9.0, 12.2.1.2.0, 12.2.1.3.0
35. CVE-2018-2713 Oracle WebCenter Portal WebCenter Spaces Application HTTP Yes 8.2 Network Low None Required Changed Low High None 11.1.1.9.0, 12.2.1.2.0, 12.2.1.3.0
36. CVE-2017-12617 Oracle Endeca Information Discovery Integrator Other Issues (Apache Tomcat) HTTP Yes 8.1 Network High None None Un-
37. changed High High High 3.1.0, 3.2.0
38. CVE-2017-12617 Oracle Tuxedo System and Applications Monitor tsam-General (Apache Tomcat) HTTP Yes 8.1 Network High None None Un-
39. changed High High High 12.1.3.0.0
40. CVE-2018-2601 Oracle Internet Directory Oracle Directory Services Manager HTTP No 8.0 Network High High None Changed High High High 11.1.1.7.0, 11.1.1.9.0, 12.2.1.3.0
41. CVE-2017-9798 Oracle HTTP Server Web Listener HTTP Yes 7.5 Network Low None None Un-
42. changed High None None 11.1.1.7.0, 11.1.1.9.0, 12.1.3.0.0, 12.2.1.2.0, 12.2.1.3.0
43. CVE-2015-7940 Oracle WebCenter Portal Security Framework (Bouncy Castle Java package) HTTP Yes 7.5 Network Low None None Un-
44. changed High None None 11.1.1.9.0, 12.2.1.2.0, 12.2.1.3.0
45. CVE-2018-2715 Oracle Business Intelligence Enterprise Edition BI Platform Security HTTP No 6.5 Network Low Low None Un-
46. changed High None None 12.2.1.2.0, 12.2.1.3.0
47. CVE-2017-10262 Oracle Access Manager Web Server Plugin HTTPS Yes 5.9 Network High None None Un-
48. changed High None None 11.1.2.3.0
49. CVE-2017-3732 Oracle Access Manager Web Server Plugin (OpenSSL) HTTPS Yes 5.9 Network High None None Un-
50. changed High None None 10.1.4.3.0
51. CVE-2016-2179 Oracle Business Intelligence Enterprise Edition Analytics Server (OpenSSL) HTTPS Yes 5.3 Network Low None None Un-
52. changed None None Low 11.1.1.7.0, 11.1.1.9.0, 12.2.1.2.0, 12.2.1.3.0
53. CVE-2018-2561 Oracle HTTP Server Web Listener HTTP Yes 5.3 Network Low None None Un-
54. changed None None Low 11.1.1.7.0, 11.1.1.9.0, 12.1.3.0.0, 12.2.1.2.0, 12.2.1.3.0
55. CVE-2018-2625 Oracle WebLogic Server Web Services HTTP Yes 5.3 Network Low None None Un-
56. changed Low None None 12.1.3.0.0, 12.2.1.3.0, 12.2.1.2.0
57. CVE-2017-10273 Oracle JDeveloper Deployment None No 4.7 Local High High Required Changed Low Low Low 11.1.1.7.0, 11.1.1.7.1, 11.1.1.9.0, 11.1.2.4.0, 12.1.3.0.0, 12.2.1.2.0
58. CVE-2018-2584 Oracle WebCenter Sites Advanced UI HTTP No 4.3 Network Low Low None Un-
59. changed Low None None 11.1.1.8.0
60.  
61.  
62. Additional CVEs addressed are below:
63.  
64. The fix for CVE-2015-7501 also addresses CVE-2015-4852.
65. The fix for CVE-2016-1182 also addresses CVE-2014-0114 and CVE-2016-1181.
66. The fix for CVE-2016-2107 also addresses CVE-2016-2105, CVE-2016-2106 and CVE-2016-2109.
67. The fix for CVE-2016-2179 also addresses CVE-2016-2107.
68. The fix for CVE-2016-6304 also addresses CVE-2016-2177, CVE-2016-2178, CVE-2016-2179, CVE-2016-2180, CVE-2016-2181, CVE-2016-2182, CVE-2016-2183, CVE-2016-6302, CVE-2016-6303, CVE-2016-6305, CVE-2016-6306, CVE-2016-6307, CVE-2016-6308, CVE-2016-6309 and CVE-2016-7052.
69. The fix for CVE-2017-3732 also addresses CVE-2016-2177, CVE-2016-2178, CVE-2016-2179, CVE-2016-2180, CVE-2016-2181, CVE-2016-2182, CVE-2016-2183, CVE-2016-6302, CVE-2016-6303, CVE-2016-6304, CVE-2016-6305, CVE-2016-6306, CVE-2016-6307, CVE-2016-6308, CVE-2016-6309, CVE-2016-7052, CVE-2016-7055, CVE-2017-3730, CVE-2017-3731 and CVE-2017-3733.