CVE-2019-2904

Опубликовано: 16 окт. 2019

Источник: nvd

CVSS3: 9.8

CVSS2: 7.5

EPSS Средний

Описание

Vulnerability in the Oracle JDeveloper and ADF product of Oracle Fusion Middleware (component: ADF Faces). Supported versions that are affected are 11.1.1.9.0, 12.1.3.0.0 and 12.2.1.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle JDeveloper and ADF. Successful attacks of this vulnerability can result in takeover of Oracle JDeveloper and ADF. CVSS 3.0 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).

Ссылки

http://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html
Patch
Vendor Advisory
https://www.oracle.com/security-alerts/cpuapr2020.html
Vendor Advisory
https://www.oracle.com/security-alerts/cpuapr2021.html
Vendor Advisory
https://www.oracle.com/security-alerts/cpujan2020.html
Vendor Advisory
https://www.oracle.com/security-alerts/cpujul2020.html
Vendor Advisory
https://www.oracle.com/security-alerts/cpuoct2020.html
Vendor Advisory
https://www.zerodayinitiative.com/advisories/ZDI-19-1024/
Third Party Advisory
VDB Entry
http://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html
Patch
Vendor Advisory
https://www.oracle.com/security-alerts/cpuapr2020.html
Vendor Advisory
https://www.oracle.com/security-alerts/cpuapr2021.html
Vendor Advisory
https://www.oracle.com/security-alerts/cpujan2020.html
Vendor Advisory
https://www.oracle.com/security-alerts/cpujul2020.html
Vendor Advisory
https://www.oracle.com/security-alerts/cpuoct2020.html
Vendor Advisory
https://www.zerodayinitiative.com/advisories/ZDI-19-1024/
Third Party Advisory
VDB Entry

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:oracle:application_testing_suite:12.5.0.3:*:*:*:*:*:*:*

cpe:2.3:a:oracle:application_testing_suite:13.1.0.1:*:*:*:*:*:*:*

cpe:2.3:a:oracle:application_testing_suite:13.2.0.1:*:*:*:*:*:*:*

cpe:2.3:a:oracle:application_testing_suite:13.3.0.1:*:*:*:*:*:*:*

cpe:2.3:a:oracle:banking_enterprise_collections:2.7.0:*:*:*:*:*:*:*

cpe:2.3:a:oracle:banking_enterprise_collections:2.8.0:*:*:*:*:*:*:*

cpe:2.3:a:oracle:banking_enterprise_originations:2.7.0:*:*:*:*:*:*:*

cpe:2.3:a:oracle:banking_enterprise_originations:2.8.0:*:*:*:*:*:*:*

cpe:2.3:a:oracle:banking_enterprise_product_manufacturing:2.7.0:*:*:*:*:*:*:*

cpe:2.3:a:oracle:banking_enterprise_product_manufacturing:2.8.0:*:*:*:*:*:*:*

cpe:2.3:a:oracle:banking_platform:2.4.0:*:*:*:*:*:*:*

cpe:2.3:a:oracle:banking_platform:2.4.1:*:*:*:*:*:*:*

cpe:2.3:a:oracle:banking_platform:2.5.0:*:*:*:*:*:*:*

cpe:2.3:a:oracle:banking_platform:2.6.0:*:*:*:*:*:*:*

cpe:2.3:a:oracle:banking_platform:2.6.1:*:*:*:*:*:*:*

cpe:2.3:a:oracle:banking_platform:2.6.2:*:*:*:*:*:*:*

cpe:2.3:a:oracle:banking_platform:2.7.0:*:*:*:*:*:*:*

cpe:2.3:a:oracle:banking_platform:2.7.1:*:*:*:*:*:*:*

cpe:2.3:a:oracle:banking_platform:2.9.0:*:*:*:*:*:*:*

cpe:2.3:a:oracle:business_process_management_suite:12.2.1.3.0:*:*:*:*:*:*:*

cpe:2.3:a:oracle:business_process_management_suite:12.2.1.4.0:*:*:*:*:*:*:*

cpe:2.3:a:oracle:clinical:5.2:*:*:*:*:*:*:*

cpe:2.3:a:oracle:communications_diameter_signaling_router:*:*:*:*:*:*:*:*

Версия от 8.0.0.0 (включая) до 8.4.0.5 (включая)

cpe:2.3:a:oracle:communications_network_integrity:*:*:*:*:*:*:*:*

Версия от 7.3.2 (включая) до 7.3.6 (включая)

cpe:2.3:a:oracle:communications_service_broker:6.0:*:*:*:*:*:*:*

cpe:2.3:a:oracle:communications_service_broker:6.1:*:*:*:*:*:*:*

cpe:2.3:a:oracle:communications_services_gatekeeper:6.0:*:*:*:*:*:*:*

cpe:2.3:a:oracle:communications_services_gatekeeper:6.1:*:*:*:*:*:*:*

cpe:2.3:a:oracle:enterprise_repository:11.1.1.7.0:*:*:*:*:*:*:*

cpe:2.3:a:oracle:financial_services_lending_and_leasing:*:*:*:*:*:*:*:*

Версия от 14.1.0 (включая) до 14.2.0 (включая)

cpe:2.3:a:oracle:financial_services_lending_and_leasing:12.5.0:*:*:*:*:*:*:*

cpe:2.3:a:oracle:financial_services_revenue_management_and_billing_analytics:2.6:*:*:*:*:*:*:*

cpe:2.3:a:oracle:financial_services_revenue_management_and_billing_analytics:2.7:*:*:*:*:*:*:*

cpe:2.3:a:oracle:financial_services_revenue_management_and_billing_analytics:2.8:*:*:*:*:*:*:*

cpe:2.3:a:oracle:flexcube_private_banking:12.0.0:*:*:*:*:*:*:*

cpe:2.3:a:oracle:flexcube_private_banking:12.1.0:*:*:*:*:*:*:*

cpe:2.3:a:oracle:health_sciences_data_management_workbench:2.4:*:*:*:*:*:*:*

cpe:2.3:a:oracle:health_sciences_data_management_workbench:2.5:*:*:*:*:*:*:*

cpe:2.3:a:oracle:hyperion_planning:11.1.2.4:*:*:*:*:*:*:*

cpe:2.3:a:oracle:rapid_planning:12.1.3:*:*:*:*:*:*:*

cpe:2.3:a:oracle:retail_assortment_planning:15.0.3.0:*:*:*:*:*:*:*

cpe:2.3:a:oracle:retail_assortment_planning:16.0.3.0:*:*:*:*:*:*:*

cpe:2.3:a:oracle:retail_clearance_optimization_engine:13.4:*:*:*:*:*:*:*

cpe:2.3:a:oracle:retail_clearance_optimization_engine:14.0.3:*:*:*:*:*:*:*

cpe:2.3:a:oracle:retail_clearance_optimization_engine:14.0.5:*:*:*:*:*:*:*

cpe:2.3:a:oracle:retail_markdown_optimization:13.4:*:*:*:*:*:*:*

cpe:2.3:a:oracle:retail_sales_audit:15.0.3:*:*:*:*:*:*:*

cpe:2.3:a:oracle:retail_sales_audit:16.0.2:*:*:*:*:*:*:*

EPSS

Процентиль: 94%

0.12605

Средний

9.8 Critical

CVSS3

9.8 Critical

CVSS3

7.5 High

CVSS2

Дефекты

NVD-CWE-noinfo

Связанные уязвимости

GHSA-c5wp-xqq4-5j7g

github

больше 3 лет назад

BDU:2019-04006

CVSS3: 9.8

fstec

больше 6 лет назад

Уязвимость подкомпонента ADF Faces компонента Oracle JDeveloper and ADF программной платформы Oracle Fusion Middleware, позволяющая нарушителю получить полный контроль над приложением

EPSS

Процентиль: 94%

0.12605

Средний

9.8 Critical

CVSS3

9.8 Critical

CVSS3

7.5 High

CVSS2

Дефекты

NVD-CWE-noinfo