PT-2016-4348 · Oracle · Oracle Financial Services Behavior Detection Platform+19

Published: 2016-07-21 · Updated: 2019-04-23 · CVE-2016-0635

CVSS v2.0: 9.0 (High)

Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

Oracle Enterprise Manager Grid Control versions 12.1.4 through 12.3.2
Oracle Health Sciences Applications versions 1.2.8.3 through 3.0.1.0
Oracle Health Sciences Applications versions 2.0.12 through 4.0.1
Oracle Insurance Applications versions prior to 12.5
Oracle Insurance Applications versions 9.7.1 through 10.2.2
Oracle Insurance Applications versions 9.6.1 through 10.2.2
Oracle Retail Applications version 15.0
Oracle Retail Applications versions 5.1 through 15.0
Oracle Primavera Products Suite version 14.2
Oracle Primavera Products Suite versions 8.2 through 16.1
Oracle Financial Services Applications versions 8.0.0 through 8.0.3
Oracle Commerce versions 3.1.1 through 11.2
Oracle Supply Chain Products Suite versions 9.3.4 through 9.3.5
Oracle Communications BRM - Elastic Charging Engine versions 11.2.0.0.0 through 11.3.0.0.0
Oracle Enterprise Repository version 12.1.3.0.0
Oracle Financial Services Behavior Detection Platform versions 8.0.1 through 8.0.2
Oracle Hyperion Essbase version 12.2.1.1
Oracle Tuxedo System and Applications Monitor (TSAM) versions 11.1.1.2.0 through 12.2.2.0.0
Oracle Communications WebRTC Session Controller versions 7.0 through 7.2
Oracle Endeca Information Discovery Integrator version 3.2
Oracle Retail Applications version 16.0.1
Oracle Identity Manager version 11.1.2.3.0
Oracle Enterprise Manager for MySQL Database version 12.1.0.4
Oracle Retail Invoice Matching versions 12.0 through 14.1
Oracle Communications Performance Intelligence Center (PIC) Software versions prior to 10.2.1
Oracle Siebel CRM versions 8.5.1.0 through 8.6.0

Description

The issue allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors.

Recommendations

As a temporary workaround, consider disabling access to the affected components until a patch is available. Restrict access to the vulnerable modules to minimize the risk of exploitation. Avoid using the affected software until the issue is resolved.

For Oracle Enterprise Manager Grid Control versions 12.1.4 through 12.3.2, update to a version that includes the fix for this issue.
For Oracle Health Sciences Applications versions 1.2.8.3 through 3.0.1.0, update to a version that includes the fix for this issue.
For Oracle Health Sciences Applications versions 2.0.12 through 4.0.1, update to a version that includes the fix for this issue.
For Oracle Insurance Applications versions prior to 12.5, update to version 12.5 or later.
For Oracle Insurance Applications versions 9.7.1 through 10.2.2, update to a version that includes the fix for this issue.
For Oracle Insurance Applications versions 9.6.1 through 10.2.2, update to a version that includes the fix for this issue.
For Oracle Retail Applications version 15.0, update to a version that includes the fix for this issue.
For Oracle Retail Applications versions 5.1 through 15.0, update to a version that includes the fix for this issue.
For Oracle Primavera Products Suite version 14.2, update to a version that includes the fix for this issue.
For Oracle Primavera Products Suite versions 8.2 through 16.1, update to a version that includes the fix for this issue.
For Oracle Financial Services Applications versions 8.0.0 through 8.0.3, update to a version that includes the fix for this issue.
For Oracle Commerce versions 3.1.1 through 11.2, update to a version that includes the fix for this issue.
For Oracle Supply Chain Products Suite versions 9.3.4 through 9.3.5, update to a version that includes the fix for this issue.
For Oracle Communications BRM - Elastic Charging Engine versions 11.2.0.0.0 through 11.3.0.0.0, update to a version that includes the fix for this issue.
For Oracle Enterprise Repository version 12.1.3.0.0, update to a version that includes the fix for this issue.
For Oracle Financial Services Behavior Detection Platform versions 8.0.1 through 8.0.2, update to a version that includes the fix for this issue.
For Oracle Hyperion Essbase version 12.2.1.1, update to a version that includes the fix for this issue.
For Oracle Tuxedo System and Applications Monitor (TSAM) versions 11.1.1.2.0 through 12.2.2.0.0, update to a version that includes the fix for this issue.
For Oracle Communications WebRTC Session Controller versions 7.0 through 7.2, update to a version that includes the fix for this issue.
For Oracle Endeca Information Discovery Integrator version 3.2, update to a version that includes the fix for this issue.
For Oracle Retail Applications version 16.0.1, update to a version that includes the fix for this issue.
For Oracle Identity Manager version 11.1.2.3.0, update to a version that includes the fix for this issue.
For Oracle Enterprise Manager for MySQL Database version 12.1.0.4, update to a version that includes the fix for this issue.
For Oracle Retail Invoice Matching versions 12.0 through 14.1, update to a version that includes the fix for this issue.
For Oracle Communications Performance Intelligence Center (PIC) Software versions prior to 10.2.1, update to version 10.2.1 or later.
For Oracle Siebel CRM versions 8.5.1.0 through 8.6.0, update to a version that includes the fix for this issue.

At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Related Identifiers

CVE-2016-0635

Affected Products

Commerce
Communications BRM - Elastic Charging Engine
Communications Performance Intelligence Center
Communications WebRTC Session Controller
Endeca Information Discovery Integrator
Enterprise Manager Grid Control
Enterprise Manager for MySQL Database
Enterprise Repository
Financial Services Applications
Oracle Financial Services Behavior Detection Platform
Health Sciences Applications
Hyperion Essbase
Identity Manager
Insurance Applications
Primavera Products Suite
Retail Applications
Retail Invoice Matching
Siebel CRM
Supply Chain Products Suite
Tuxedo System/Applications Monitor