Vulnerability Name: CVE-2015-0380 (CCN-100101) Assigned: 2014-12-17 Published: 2015-01-20 Updated: 2017-09-08 Summary: Unspecified vulnerability in the Oracle Telecommunications Billing Integrator component in Oracle E-Business Suite 11.5.10.2, 12.0.4, 12.0.5, 12.0.6, 12.1.1, 12.1.2, 12.1.3, 12.2.2, 12.2.3, and 12.2.4 allows remote attackers to affect integrity via unknown vectors related to OA Based UI for Bill Summary. CVSS v3 Severity: 5.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N Exploitability Metrics: Attack Vector (AV): NetworkAttack Complexity (AC): LowPrivileges Required (PR): NoneUser Interaction (UI): NoneScope: Scope (S): UnchangedImpact Metrics: Confidentiality (C): NoneIntegrity (I): LowAvailibility (A): None
CVSS v2 Severity: 4.3 Medium (CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N 3.2 Low (Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N/E:U/RL:OF/RC:C Exploitability Metrics: Access Vector (AV): NetworkAccess Complexity (AC): MediumAuthentication (Au): NoneImpact Metrics: Confidentiality (C): NoneIntegrity (I): PartialAvailibility (A): None
4.3 Medium (CCN CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N 3.2 Low (CCN Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N/E:U/RL:OF/RC:C Exploitability Metrics: Access Vector (AV): NetworkAccess Complexity (AC): MediumAthentication (Au): NoneImpact Metrics: Confidentiality (C): NoneIntegrity (I): PartialAvailibility (A): None
Vulnerability Type: CWE-noinfo Vulnerability Consequences: Other References: Source: MITRECVE-2015-0380 Oracle Critical Patch Update Advisory - January 2015 http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html 72236 Oracle E-Business Suite CVE-2015-0380 Remote Security Vulnerability 1031579 oracle-cpujan2015-cve20150380(100101) oracle-cpujan2015-cve20150380(100101) Vulnerable Configuration: Configuration 1 :cpe:/a:oracle:e-business_suite:11.5.10.2:*:*:*:*:*:*:* OR cpe:/a:oracle:e-business_suite:12.0.4:*:*:*:*:*:*:* OR cpe:/a:oracle:e-business_suite:12.0.5:*:*:*:*:*:*:* OR cpe:/a:oracle:e-business_suite:12.0.6:*:*:*:*:*:*:* OR cpe:/a:oracle:e-business_suite:12.1.1:*:*:*:*:*:*:* OR cpe:/a:oracle:e-business_suite:12.1.2:*:*:*:*:*:*:* OR cpe:/a:oracle:e-business_suite:12.1.3:*:*:*:*:*:*:* OR cpe:/a:oracle:e-business_suite:12.2.2:*:*:*:*:*:*:* OR cpe:/a:oracle:e-business_suite:12.2.3:*:*:*:*:*:*:* OR cpe:/a:oracle:e-business_suite:12.2.4:*:*:*:*:*:*:* Configuration CCN 1 :cpe:/a:oracle:e-business_suite:11.5.10.2:*:*:*:*:*:*:* OR cpe:/a:oracle:e-business_suite:12.0.4:*:*:*:*:*:*:* OR cpe:/a:oracle:e-business_suite:12.0.6:*:*:*:*:*:*:* OR cpe:/a:oracle:e-business_suite:12.1.1:*:*:*:*:*:*:* OR cpe:/a:oracle:e-business_suite:12.1.2:*:*:*:*:*:*:* OR cpe:/a:oracle:e-business_suite:12.1.3:*:*:*:*:*:*:* OR cpe:/a:oracle:e-business_suite:*:*:*:*:*:*:*:* OR cpe:/a:oracle:e-business_suite:12.2.2:*:*:*:*:*:*:* OR cpe:/a:oracle:e-business_suite:12.2.3:*:*:*:*:*:*:* OR cpe:/a:oracle:e-business_suite:12.2.4:*:*:*:*:*:*:* OR cpe:/a:oracle:e-business_suite:12.0.5:*:*:*:*:*:*:* BACK
oracle e-business suite 11.5.10.2
oracle e-business suite 12.0.4
oracle e-business suite 12.0.5
oracle e-business suite 12.0.6
oracle e-business suite 12.1.1
oracle e-business suite 12.1.2
oracle e-business suite 12.1.3
oracle e-business suite 12.2.2
oracle e-business suite 12.2.3
oracle e-business suite 12.2.4
oracle e-business suite 11.5.10.2
oracle e-business suite 12.0.4
oracle e-business suite 12.0.6
oracle e-business suite 12.1.1
oracle e-business suite 12.1.2
oracle e-business suite 12.1.3
oracle e-business suite *
oracle e-business suite 12.2.2
oracle e-business suite 12.2.3
oracle e-business suite 12.2.4
oracle e-business suite 12.0.5
Denotes that component is vulnerable