CVE# Product Component Protocol RemoteExploitwithoutAuth.? CVSS VERSI

1. CVE# Product Component Protocol Remote
2. Exploit
3. without
4. Auth.? CVSS VERSION 3.0 RISK (see Risk Matrix Definitions) Supported Versions Affected Notes
5. Base
6. Score Attack
7. Vector Attack
8. Complex Privs
9. Req'd User
10. Interact Scope Confid-
11. entiality Inte-
12. grity Avail-
13. ability
14. CVE-2018-2656 Oracle General Ledger Data Manager Server HTTP Yes 9.1 Network Low None None Un-
15. changed High High None 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5, 12.2.6, 12.2.7
16. CVE-2018-2655 Oracle Work in Process Assemble/Configure to Order HTTP Yes 9.1 Network Low None None Un-
17. changed High High None 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5, 12.2.6, 12.2.7
18. CVE-2017-3736 Application Server Tech Stack (OpenSSL) HTTPS Yes 5.9 Network High None None Un-
19. changed High None None 12.1.3
20. CVE-2018-2691 Oracle User Management Proxy User Delegation HTTP No 5.4 Network Low Low None Un-
21. changed Low Low None 12.1.3, 12.2.3, 12.2.4, 12.2.5, 12.2.6, 12.2.7
22. CVE-2018-2684 Oracle User Management Registration Process HTTP No 4.9 Network Low High None Un-
23. changed High None None 12.1.3, 12.2.3, 12.2.4, 12.2.5, 12.2.6, 12.2.7
24. CVE-2018-2635 Oracle Application Object Library Login HTTP Yes 4.8 Network High None None Un-
25. changed Low Low None 12.1.3, 12.2.3, 12.2.4, 12.2.5, 12.2.6, 12.2.7
26. CVE-2018-2580 Oracle Applications DBA ADPatch None No 4.4 Local Low High None Un-
27. changed High None None 12.1.3, 12.2.3, 12.2.4, 12.2.5, 12.2.6, 12.2.7
28.  
29.  
30. Additional CVEs addressed are below:
31.  
32. The fix for CVE-2017-3736 also addresses CVE-2017-3735.