Home

CVE-2019-2904

Description

Vulnerability in the Oracle JDeveloper and ADF product of Oracle Fusion Middleware (component: ADF Faces). Supported versions that are affected are 11.1.1.9.0, 12.1.3.0.0 and 12.2.1.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle JDeveloper and ADF. Successful attacks of this vulnerability can result in takeover of Oracle JDeveloper and ADF. CVSS 3.0 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).

Risk Information

Base Score
9.8
MODERATE
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS Score
Exploitation Probability
12.605

Associated Vulnerability

VulnerabilityOS Platform
Multiple Vulnerabilities are affected in Mysql 8.0.19Windows
Multiple Vulnerabilities are affected in Mysql 8.0.5Windows
Vulnerabilities CVE-2019-2904 are affected in Oracle Financial Services Revenue Management and Billing 2.6Windows
Vulnerabilities CVE-2019-2904 are affected in Oracle Financial Services Revenue Management and Billing 2.7Windows
Vulnerabilities CVE-2019-2904 are affected in Oracle Financial Services Revenue Management and Billing 2.8Windows
Multiple Vulnerabilities are affected in Mysql 8.0.19 (For Linux)Linux
Multiple Vulnerabilities are affected in Mysql 8.0.5 (For Linux)Linux

Patch Details

No records found

References

https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234