Questions often arise on the PeopleTools versions for whichCritical Patch Updates have been published, or if a particular PeopleToolsversion is supported.
The table in the attached page shows the patch number matrix for PeopleToolsversions associated with a particular CPU publication. This information will help you decide which CPU to apply and when to consider upgrading to a more current release.
The link in "CPU Date" goes to the landing page forCPU advisories, the link in the individual date, e.g. Apr-10, goes to theadvisory for that date.
The page also shows the CVE's addressed in the CPU, a synopsisof the issue and the Common Vulnerability Scoring System (CVSS) value.
Introduced in the April 2016 CPU, CVSS 3.0 is being used from this CPU going forward.
For more information on how CVSS 3.0 is calculated, Risk Matrix Glossary – Terms and Definitions for Critical Patch Update Risk Matrices http://www.oracle.com/technetwork/topics/security/advisorymatrixglossary-101807.html
CVSS Version 3.0 Announced: https://blogs.oracle.com/security/entry/cvss_version_3_0_announced
To find more details on any CVE, simply replace the CVE numberin the sample URL below.: http://www.cvedetails.com/cve/CVE-2010-2377
Common Vulnerability Scoring System Version 3 Calculator: https://www.first.org/cvss/specification-document
This page shows the components of the CVSS score
If you are considering creating a response policy, this page provide a good sample template: http://www.first.org/_assets/cvss/cvss-based-patch-policy.pdf. Note this is a useful template.
All the details in this page are available on My Oracle Support and public sites.
Please NOTE: The RED column in the Attached Page indicates the last patch for any PeopleToolsversion and effectively the last support date for that version.
Applications Unlimited support does NOT apply to PeopleToolsversions.