CVE-2019-2904

Published: 16/10/2019 | Updated: 19/12/2019
CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Summary

Vulnerability in the Oracle JDeveloper and ADF product of Oracle Fusion Middleware (component: ADF Faces). Supported versions that are affected are 11.1.1.9.0, 12.1.3.0.0 and 12.2.1.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle JDeveloper and ADF. Successful attacks of this vulnerability can result in takeover of Oracle JDeveloper and ADF. CVSS 3.0 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).

Affected Products

Vendor | Product | Versions
Oracle | Application Development Framework | 11.1.1.9.0, 12.1.3.0.0, 12.2.1.3.0
Oracle | JDeveloper | 11.1.1.9.0, 12.1.3.0.0, 12.2.1.3.0

Recent Articles

Oracle Ties Previous All-Time Patch High with January Updates
Threatpost • Tara Seals • 14 Jan 2020

Oracle has patched 334 vulnerabilities across all of its product families in its January 2020 quarterly Critical Patch Update (CPU). Out of these, 43 are critical/severe flaws carrying CVSS scores of 9.1 and above. The CPU ties for Oracle’s previous all-time high for number of patches issued, in July 2019, which overtook its previous record of 308 in July 2017.
The company said in a pre-release announcement that some of the vulnerabilities affect multiple products. “Due to the threat ...