CVE Vulnerabilities

CVE-2019-2904

Published: Oct 16, 2019 | Modified: May 18, 2021
CVSS 3.x: 9.8 CRITICAL | Source: NVD | Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CVSS 2.x: 7.5 HIGH | Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability in the Oracle JDeveloper and ADF product of Oracle Fusion Middleware (component: ADF Faces). Supported versions that are affected are 11.1.1.9.0, 12.1.3.0.0 and 12.2.1.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle JDeveloper and ADF. Successful attacks of this vulnerability can result in takeover of Oracle JDeveloper and ADF. CVSS 3.0 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).

Affected Software

| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Application_testing_suite | Oracle | 12.5.0.3 (including) | 12.5.0.3 (including) |
| Application_testing_suite | Oracle | 13.1.0.1 (including) | 13.1.0.1 (including) |
| Application_testing_suite | Oracle | 13.2.0.1 (including) | 13.2.0.1 (including) |
| Application_testing_suite | Oracle | 13.3.0.1 (including) | 13.3.0.1 (including) |
| Banking_enterprise_collections | Oracle | 2.7.0 (including) | 2.7.0 (including) |
| Banking_enterprise_collections | Oracle | 2.8.0 (including) | 2.8.0 (including) |
| Banking_enterprise_originations | Oracle | 2.7.0 (including) | 2.7.0 (including) |
| Banking_enterprise_originations | Oracle | 2.8.0 (including) | 2.8.0 (including) |
| Banking_enterprise_product_manufacturing | Oracle | 2.7.0 (including) | 2.7.0 (including) |
| Banking_enterprise_product_manufacturing | Oracle | 2.8.0 (including) | 2.8.0 (including) |
| Banking_platform | Oracle | 2.4.0 (including) | 2.4.0 (including) |
| Banking_platform | Oracle | 2.4.1 (including) | 2.4.1 (including) |
| Banking_platform | Oracle | 2.5.0 (including) | 2.5.0 (including) |
| Banking_platform | Oracle | 2.6.0 (including) | 2.6.0 (including) |
| Banking_platform | Oracle | 2.6.1 (including) | 2.6.1 (including) |
| Banking_platform | Oracle | 2.6.2 (including) | 2.6.2 (including) |
| Banking_platform | Oracle | 2.7.0 (including) | 2.7.0 (including) |
| Banking_platform | Oracle | 2.7.1 (including) | 2.7.1 (including) |
| Banking_platform | Oracle | 2.9.0 (including) | 2.9.0 (including) |
| Business_process_management_suite | Oracle | 12.2.1.3.0 (including) | 12.2.1.3.0 (including) |
| Business_process_management_suite | Oracle | 12.2.1.4.0 (including) | 12.2.1.4.0 (including) |
| Clinical | Oracle | 5.2 (including) | 5.2 (including) |
| Communications_diameter_signaling_router | Oracle | 8.0.0.0 (including) | 8.4.0.5 (including) |
| Communications_network_integrity | Oracle | 7.3.2 (including) | 7.3.6 (including) |
| Communications_service_broker | Oracle | 6.0 (including) | 6.0 (including) |
| Communications_service_broker | Oracle | 6.1 (including) | 6.1 (including) |
| Communications_services_gatekeeper | Oracle | 6.0 (including) | 6.0 (including) |
| Communications_services_gatekeeper | Oracle | 6.1 (including) | 6.1 (including) |
| Enterprise_repository | Oracle | 11.1.1.7.0 (including) | 11.1.1.7.0 (including) |
| Financial_services_lending_and_leasing | Oracle | 14.1.0 (including) | 14.2.0 (including) |
| Financial_services_lending_and_leasing | Oracle | 12.5.0 (including) | 12.5.0 (including) |
| Financial_services_revenue_management_and_billing_analytics | Oracle | 2.6 (including) | 2.6 (including) |
| Financial_services_revenue_management_and_billing_analytics | Oracle | 2.7 (including) | 2.7 (including) |
| Financial_services_revenue_management_and_billing_analytics | Oracle | 2.8 (including) | 2.8 (including) |
| Flexcube_private_banking | Oracle | 12.0.0 (including) | 12.0.0 (including) |
| Flexcube_private_banking | Oracle | 12.1.0 (including) | 12.1.0 (including) |
| Health_sciences_data_management_workbench | Oracle | 2.4 (including) | 2.4 (including) |
| Health_sciences_data_management_workbench | Oracle | 2.5 (including) | 2.5 (including) |
| Hyperion_planning | Oracle | 11.1.2.4 (including) | 11.1.2.4 (including) |
| Rapid_planning | Oracle | 12.1.3 (including) | 12.1.3 (including) |
| Retail_assortment_planning | Oracle | 15.0.3.0 (including) | 15.0.3.0 (including) |
| Retail_assortment_planning | Oracle | 16.0.3.0 (including) | 16.0.3.0 (including) |
| Retail_clearance_optimization_engine | Oracle | 13.4 (including) | 13.4 (including) |
| Retail_clearance_optimization_engine | Oracle | 14.0.3 (including) | 14.0.3 (including) |
| Retail_clearance_optimization_engine | Oracle | 14.0.5 (including) | 14.0.5 (including) |
| Retail_markdown_optimization | Oracle | 13.4 (including) | 13.4 (including) |
| Retail_sales_audit | Oracle | 15.0.3 (including) | 15.0.3 (including) |
| Retail_sales_audit | Oracle | 16.0.2 (including) | 16.0.2 (including) |

References