![]() The protocol in the risk matrix implies that all of its secure variants (if applicable) are affected as well. Oracle lists updates that address vulnerabilities in third-party components that are not exploitable in the context of their inclusion in their respective Oracle product beneath the product's risk matrix. For more information, see Oracle vulnerability disclosure policies. ![]() Oracle provides this information, in part, so that customers may conduct their own risk analysis based on the particulars of their product usage. ![]() Oracle does not disclose detailed information about this security analysis to customers, but the resulting Risk Matrix and associated documentation provide information about the type of vulnerability, the conditions required to exploit it, and the potential impact of a successful exploit. Oracle conducts an analysis of each security vulnerability addressed by a Security Alert. Security vulnerabilities are scored using CVSS version 3.1 (see Oracle CVSS Scoring for an explanation of how Oracle applies CVSS version 3.1). An English text version of the risk matrices provided in this document is here. Risk matrices for previous security patches can be found in previous Critical Patch Update advisories and Alerts. Risk matrices list only security vulnerabilities that are newly addressed by the patches associated with this advisory. English text version of the risk matrices.Use of Common Vulnerability Scoring System (CVSS) by Oracle.Oracle Critical Patch Updates and Security Alerts - Frequently Asked Questions.Oracle Critical Patch Updates, Security Alerts and Bulletins.Please review the Technical Support Policies for further guidelines regarding support policies and phases of support. As a result, Oracle recommends that customers upgrade to supported versions.ĭatabase, Fusion Middleware, Oracle Enterprise Manager products are patched in accordance with the Software Error Correction Support Policy explained in My Oracle Support Note 209768.1. ![]() However, it is likely that earlier versions of affected releases are also affected by these vulnerabilities. Product releases that are not under Premier Support or Extended Support are not tested for the presence of vulnerabilities addressed by this Security Alert. Oracle recommends that customers plan product upgrades to ensure that patches released through the Security Alert program are available for the versions they are currently running. Patches released through the Security Alert program are provided only for product versions that are covered under the Premier Support or Extended Support phases of the Lifetime Support Policy. Security Alert Supported Products and Versions ![]()
0 Comments
Leave a Reply. |