9.8
CVE-2019-2904
- EPSS 21.04%
- Published 16.10.2019 18:15:27
- Last modified 21.11.2024 04:41:46
- Source secalert_us@oracle.com
Vulnerability in the Oracle JDeveloper and ADF product of Oracle Fusion Middleware (component: ADF Faces). Supported versions that are affected are 11.1.1.9.0, 12.1.3.0.0 and 12.2.1.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle JDeveloper and ADF. Successful attacks of this vulnerability can result in takeover of Oracle JDeveloper and ADF. CVSS 3.0 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).
Data is provided by the National Vulnerability Database (NVD)
Oracle ≫ Application Testing Suite Version 12.5.0.3
Oracle ≫ Application Testing Suite Version 13.1.0.1
Oracle ≫ Application Testing Suite Version 13.2.0.1
Oracle ≫ Application Testing Suite Version 13.3.0.1
Oracle ≫ Banking Enterprise Collections Version 2.7.0
Oracle ≫ Banking Enterprise Collections Version 2.8.0
Oracle ≫ Banking Enterprise Originations Version 2.7.0
Oracle ≫ Banking Enterprise Originations Version 2.8.0
Oracle ≫ Banking Enterprise Product Manufacturing Version 2.7.0
Oracle ≫ Banking Enterprise Product Manufacturing Version 2.8.0
Oracle ≫ Banking Platform Version 2.4.0
Oracle ≫ Banking Platform Version 2.4.1
Oracle ≫ Banking Platform Version 2.5.0
Oracle ≫ Banking Platform Version 2.6.0
Oracle ≫ Banking Platform Version 2.6.1
Oracle ≫ Banking Platform Version 2.6.2
Oracle ≫ Banking Platform Version 2.7.0
Oracle ≫ Banking Platform Version 2.7.1
Oracle ≫ Banking Platform Version 2.9.0
Oracle ≫ Business Process Management Suite Version 12.2.1.3.0
Oracle ≫ Business Process Management Suite Version 12.2.1.4.0
Oracle ≫ Communications Diameter Signaling Router Version >= 8.0.0.0 <= 8.4.0.5
Oracle ≫ Communications Network Integrity Version >= 7.3.2 <= 7.3.6
Oracle ≫ Communications Service Broker Version 6.0
Oracle ≫ Communications Service Broker Version 6.1
Oracle ≫ Communications Services Gatekeeper Version 6.0
Oracle ≫ Communications Services Gatekeeper Version 6.1
Oracle ≫ Enterprise Repository Version 11.1.1.7.0
Oracle ≫ Financial Services Lending And Leasing Version >= 14.1.0 <= 14.2.0
Oracle ≫ Financial Services Lending And Leasing Version 12.5.0
Oracle ≫ Flexcube Private Banking Version 12.0.0
Oracle ≫ Flexcube Private Banking Version 12.1.0
Oracle ≫ Health Sciences Data Management Workbench Version 2.4
Oracle ≫ Health Sciences Data Management Workbench Version 2.5
Oracle ≫ Hyperion Planning Version 11.1.2.4
Oracle ≫ Rapid Planning Version 12.1.3
Oracle ≫ Retail Assortment Planning Version 15.0.3.0
Oracle ≫ Retail Assortment Planning Version 16.0.3.0
Oracle ≫ Retail Clearance Optimization Engine Version 13.4
Oracle ≫ Retail Clearance Optimization Engine Version 14.0.3
Oracle ≫ Retail Clearance Optimization Engine Version 14.0.5
Oracle ≫ Retail Markdown Optimization Version 13.4
Oracle ≫ Retail Sales Audit Version 15.0.3
Oracle ≫ Retail Sales Audit Version 16.0.2
No CISA KEV or CERT.AT warning was found for this CVE.
Type | Source | Score | Percentile |
---|---|---|---|
EPSS | FIRST.org | 21.04% | 0.954 |
Source | Base Score | Exploit Score | Impact Score | Vector string |
---|---|---|---|---|
nvd@nist.gov | 9.8 | 3.9 | 5.9 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
nvd@nist.gov | 7.5 | 10 | 6.4 | AV:N/AC:L/Au:N/C:P/I:P/A:P |
secalert_us@oracle.com | 9.8 | 3.9 | 5.9 | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |