Oracle Software Vulnerabilities

by Cody Dumont
June 14, 2013

This report enumerates known software and hardware manufactured by Oracle, such as Sun Servers, Java, database, and web technologies.  The report displays information for enforcing and verifying IT management policies relating to assets, such as vulnerability, configuration and remediation policies. 

SecurityCenter (via PVS, LCE, and Nessus) collects information about installed products, identifies those products using standardized industry methods, and presents that information via this report.

The corresponding dashboard can be found here:

Oracle Software Vulnerabilities Dashboard

Chapter Description

The following chapters provide a detailed representation of the number of systems certain applications are installed on, the number of vulnerabilities, and the number of vulnerable systems that are currently exploitable.  Vulnerability trend analysis displays application vulnerabilities over the last 90 days.  The two remaining reports provide summaries of medium, high and critical vulnerabilities that provide details on patching efforts.

Vulnerability Trend Over Time - This chapter reports a trend over the last 90 days of the number of vulnerabilities by defined applications.

Detailed Vulnerability Summary - This chapter reports details of known applications, and enumerates found vulnerabilities.  Reported are the number of systems on which the technology has been located in terms of critical, high, and medium vulnerabilities.  The table displays the total number of identified vulnerabilities, including the associated repository, DNS, NetBIOS, MAC address, and IP address of the vulnerable systems.

Vulnerability Status at a Glance - This chapter gives a quick status report on patching efforts.  The number of critical, high, and medium vulnerabilities is displayed across three columns, as well as the number of days they have been detected.  Represented are known vulnerabilities that have existed for:  Over 30 Days, the Last 30 Days, or the Last 7 Days.

Critical Vulnerability Information - This chapter reports the most critical vulnerabilities for a fast readable reference to the most significant concerns.