Oracle Fusion Middleware vulnerabilities

CVE-2011-3523 [LOW] CVE-2011-3523: Unspecified vulnerability in the Oracle Web Services Manager component in Oracle Fusion Middleware 1 Unspecified vulnerability in the Oracle Web Services Manager component in Oracle Fusion Middleware 10.1.3.5.0 and 10.1.3.5.1 allows remote authenticated users to affect integrity, related to WSM Console, a different vulnerability than CVE-2011-2237.

CVE-2011-3541 [LOW] CVE-2011-3541: Unspecified vulnerability in the Oracle Outside In Technology component in Oracle Fusion Middleware Unspecified vulnerability in the Oracle Outside In Technology component in Oracle Fusion Middleware 8.3.5 and 8.3.7 allows local users to affect availability via unknown vectors related to Outside In Filters.

CVE-2011-2318 [LOW] CVE-2011-2318: Unspecified vulnerability in the Oracle WebLogic Server component in Oracle Fusion Middleware 9.2.4. Unspecified vulnerability in the Oracle WebLogic Server component in Oracle Fusion Middleware 9.2.4.0, 10.0.2.0, 10.3.3.0, 10.3.4.0, and 10.3.5.0 allows local users to affect confidentiality, related to WLS Security.

CVE-2011-2237 [LOW] CVE-2011-2237: Unspecified vulnerability in the Oracle Web Services Manager component in Oracle Fusion Middleware 1 Unspecified vulnerability in the Oracle Web Services Manager component in Oracle Fusion Middleware 10.1.3.5.0 and 10.1.3.5.1 allows remote authenticated users to affect integrity, related to WSM Console, a different vulnerability than CVE-2011-3523.

CVE-2011-2264 [MEDIUM] CVE-2011-2264: Unspecified vulnerability in the Oracle Outside In Technology component in Oracle Fusion Middleware Unspecified vulnerability in the Oracle Outside In Technology component in Oracle Fusion Middleware 8.3.2.0 and 8.3.5.0 allows context-dependent attackers to affect confidentiality, integrity, and availability via unknown vectors related to Outside In Filters. NOTE: the previous information was obtained from the July 2011 CPU. Oracle has not commented on claim

CVE-2011-2267 [LOW] CVE-2011-2267: Unspecified vulnerability in the Oracle Outside In Technology component in Oracle Fusion Middleware Unspecified vulnerability in the Oracle Outside In Technology component in Oracle Fusion Middleware 8.3.2.0 and 8.3.5.0 allows context-dependent attackers to affect availability via unknown vectors related to Outside In Filters.

CVE-2011-0884 [MEDIUM] CVE-2011-0884: Unspecified vulnerability in the Oracle BPEL Process Manager component in Oracle Fusion Middleware 1 Unspecified vulnerability in the Oracle BPEL Process Manager component in Oracle Fusion Middleware 11.1.1.3.0, 11.1.1.4.0, and 11.1.1.5.0 allows remote authenticated users to affect availability, related to BPEL Console.

CVE-2011-0883 [MEDIUM] CVE-2011-0883: Unspecified vulnerability in the Oracle Containers for J2EE component in Oracle Fusion Middleware 10 Unspecified vulnerability in the Oracle Containers for J2EE component in Oracle Fusion Middleware 10.1.2.3, 10.1.3.5, 10.1.4.0.1, and 10.1.4.3 allows remote authenticated users to affect integrity, related to Servlet Runtime in OC4J.

CVE-2011-2232 [MEDIUM] CVE-2011-2232: Unspecified vulnerability in the XML Developer Kit component in Oracle Database Server 10.1.0.5, 10. Unspecified vulnerability in the XML Developer Kit component in Oracle Database Server 10.1.0.5, 10.2.0.3, 10.2.0.4, 11.1.0.7, and 11.2.0.1, and Oracle Fusion Middleware 10.1.3.5, allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors.

CVE-2011-2241 [MEDIUM] CVE-2011-2241: Unspecified vulnerability in the Oracle Business Intelligence Enterprise Edition component in Oracle Unspecified vulnerability in the Oracle Business Intelligence Enterprise Edition component in Oracle Fusion Middleware 10.1.3.4.1 and 11.1.1.3 allows remote attackers to affect availability via unknown vectors related to Analytics Server.

CVE-2011-2231 [MEDIUM] CVE-2011-2231: Unspecified vulnerability in the XML Developer Kit component in Oracle Database Server 10.1.0.5, 10. Unspecified vulnerability in the XML Developer Kit component in Oracle Database Server 10.1.0.5, 10.2.0.3, 10.2.0.4, 10.2.0.5, 11.1.0.7, and 11.2.0.1, Oracle Fusion Middleware 10.1.3.5, allows remote attackers to affect availability via unknown vectors.

CVE-2011-0808 [MEDIUM] CVE-2011-0808: Unspecified vulnerability in the Oracle Outside In Technology component in Oracle Fusion Middleware Unspecified vulnerability in the Oracle Outside In Technology component in Oracle Fusion Middleware 8.3.2.0 and 8.3.5.0 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Outside In Filters. NOTE: the previous information was obtained from the April 2011 CPU. Oracle has not commented on claims from a reliab

CVE-2011-0789 [MEDIUM] CVE-2011-0789: Unspecified vulnerability in the Oracle HTTP Server component in Oracle Fusion Middleware 10.1.2.3 a Unspecified vulnerability in the Oracle HTTP Server component in Oracle Fusion Middleware 10.1.2.3 allows remote attackers to affect integrity via unknown vectors.

CVE-2011-0794 [MEDIUM] CVE-2011-0794: Unspecified vulnerability in the Oracle Outside In Technology component in Oracle Fusion Middleware Unspecified vulnerability in the Oracle Outside In Technology component in Oracle Fusion Middleware 8.3.5.0 allows local users to affect confidentiality, integrity, and availability, related to File ID SDK. NOTE: the previous information was obtained from the April 2011 CPU. Oracle has not commented on claims from a reliable third party that this issue is in (

CVE-2011-0785 [MEDIUM] CVE-2011-0785: Unspecified vulnerability in the Oracle Help component in Oracle Database Server 11.1.0.7, 11.2.0.1, Unspecified vulnerability in the Oracle Help component in Oracle Database Server 11.1.0.7, 11.2.0.1, 11.2.0.2, 10.1.0.5, 10.2.0.3, 10.2.0.4, 10.2.0.5, and 10.1.0.5; and Oracle Fusion Middleware 11.1.1.2.0, 11.1.1.3.0, and 11.1.1.4.0 allows remote attackers to affect integrity via unknown vectors.

CVE-2011-0798 [MEDIUM] CVE-2011-0798: Unspecified vulnerability in the Portal component in Oracle Fusion Middleware 10.1.2.3 and 11.1.1.2. Unspecified vulnerability in the Portal component in Oracle Fusion Middleware 10.1.2.3 and 11.1.1.2.0 allows remote attackers to affect integrity via unknown vectors related to Midtier Infrastructure.

CVE-2011-0795 [LOW] CVE-2011-0795: Unspecified vulnerability in the Single Sign On component in Oracle Fusion Middleware 10.1.2.3 allow Unspecified vulnerability in the Single Sign On component in Oracle Fusion Middleware 10.1.2.3 allows remote authenticated users to affect integrity via unknown vectors related to Administration and Monitoring.

CVE-2010-3510 [CRITICAL] CVE-2010-3510: Unspecified vulnerability in the Oracle WebLogic Server component in Oracle Fusion Middleware 9.0, 9 Unspecified vulnerability in the Oracle WebLogic Server component in Oracle Fusion Middleware 9.0, 9.1, 9.2.3, 10.0.2, 10.3.2, and 10.3.3 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Node Manager.

CVE-2010-3591 [CRITICAL] CVE-2010-3591: Unspecified vulnerability in the Oracle Document Capture component in Oracle Fusion Middleware 10.1. Unspecified vulnerability in the Oracle Document Capture component in Oracle Fusion Middleware 10.1.3.4 and 10.1.3.5 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Internal Operations. NOTE: the previous information was obtained from the January 2011 CPU. Oracle has not commented on claims from

CVE-2010-3599 [CRITICAL] CVE-2010-3599: Unspecified vulnerability in the Oracle Document Capture component in Oracle Fusion Middleware 10.1. Unspecified vulnerability in the Oracle Document Capture component in Oracle Fusion Middleware 10.1.3.4 and 10.1.3.5 allows remote attackers to affect integrity and availability via unknown vectors related to Import Server. NOTE: the previous information was obtained from the January 2011 CPU. Oracle has not commented on claims from the original researcher