Oracle Critical Patch and Security Updates July 2017
Oracle Database Server
Oracle Database Server Executive Summary
This Critical Patch Update contains 5 new security fixes for the Oracle Database Server divided as follows:
- 4 new security fixes for the Oracle Database Server. 2 of these vulnerabilities may be remotely exploitable without authentication, i.e., may be exploited over a network without requiring user credentials. None of these fixes are applicable to client-only installations, i.e., installations that do not have the Oracle Database Server installed.
- 1 new security fix for Oracle REST Data Services. This vulnerability is remotely exploitable without authentication, i.e., may be exploited over a network without requiring user credentials.
This Critical Patch Update is applicable to the following database versions:
- Oracle Database 11.2.0.4
- Oracle Database 12.1.0.2
- Oracle Database 12.2.0.1
Oracle Database Server Risk Matrix
CVE# | Component | Package and/or Privilege Required | Protocol | Remote Exploit without Auth.? | CVSS 3.0 Base Score | Attack Vector | Attack Complex | Privs Req'd | User Interact | Scope | Confidentiality | Integrity | Availability | Supported Versions Affected | Notes |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
CVE-2017-10202 | OJVM | Create Session, Create Procedure | Multiple | No | 9.9 | Network | Low | Low | None | Changed | High | High | High | 11.2.0.4, 12.1.0.2, 12.2.0.1 | See Note 1 |
CVE-2014-3566 | DBMS_LDAP | None | LDAP | Yes | 6.8 | Network | High | None | None | Changed | High | None | None | 11.2.0.4, 12.1.0.2 | |
CVE-2016-2183 | Real Application Clusters | None | SSL/TLS | Yes | 6.8 | Network | High | None | Required | Unchanged | High | High | None | 11.2.0.4, 12.1.0.2 | |
CVE-2017-10120 | RDBMS Security | Create Session, Select Any Dictionary | Oracle Net | No | 1.9 | Local | High | High | None | Unchanged | None | Low | None | 12.1.0.2 | |
Notes:
1. This score is for Windows platforms. On non-Windows platforms Scope is Unchanged, giving a CVSS Base Score of 8.8.
Oracle REST Data Services Executive Summary
This Critical Patch Update contains 1 new security fix for Oracle REST Data Services. This vulnerability is remotely exploitable without authentication, i.e., may be exploited over a network without requiring user credentials.
Oracle REST Data Services Risk Matrix
CVE# | Component | Package and/or Privilege Required | Protocol | Remote Exploit without Auth.? | CVSS 3.0 Base Score | Attack Vector | Attack Complex | Privs Req'd | User Interact | Scope | Confidentiality | Integrity | Availability | Supported Versions Affected | Notes |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
CVE-2016-3092 | Oracle REST Data Services | None | Multiple | Yes | 7.5 | Network | Low | None | None | Unchanged | None | None | High | Prior to 3.0.10.25.02.36 | |
Further Help and Assistance
For further advice about Oracle Critical Patch Updates, including installation planning and consultancy services, please contact our pre-sales technical team on 0330 332 6223 or visit our website, nlightn-IT.