CVE Vulnerabilities

CVE-2019-2899

Published: Oct 16, 2019 | Modified: Jan 31, 2023
CVSS 3.x
2.4
LOW
Source:
NVD
CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:N/A:N
CVSS 2.x
3.5 LOW
AV:N/AC:M/Au:S/C:P/I:N/A:N
RedHat/V2
RedHat/V3
Ubuntu

Vulnerability in the Oracle JDeveloper and ADF product of Oracle Fusion Middleware (component: OAM). Supported versions that are affected are 11.1.1.9.0, 11.1.2.4.0, 12.1.3.0.0 and 12.2.1.3.0. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle JDeveloper and ADF. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle JDeveloper and ADF accessible data. CVSS 3.0 Base Score 2.4 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:N/A:N).

Affected Software

Name Vendor Start Version End Version
Application_development_framework Oracle 11.1.1.9.0 (including) 11.1.1.9.0 (including)
Application_development_framework Oracle 11.1.2.4.0 (including) 11.1.2.4.0 (including)
Application_development_framework Oracle 12.1.3.0.0 (including) 12.1.3.0.0 (including)
Application_development_framework Oracle 12.2.1.3.0 (including) 12.2.1.3.0 (including)
Jdeveloper Oracle 11.1.1.9.0 (including) 11.1.1.9.0 (including)
Jdeveloper Oracle 11.1.2.4.0 (including) 11.1.2.4.0 (including)
Jdeveloper Oracle 12.1.3.0.0 (including) 12.1.3.0.0 (including)
Jdeveloper Oracle 12.2.1.3.0 (including) 12.2.1.3.0 (including)

References