Application Express Vulnerability in Oracle Database Server
CVE-2019-2484

5.4MEDIUM

Key Information:

Vendor: Oracle
Status: Application Express
Vendor: CVE Published:; 23 July 2019

Summary

A vulnerability has been identified in the Application Express component of Oracle Database Server that allows a low privileged attacker with a valid account to compromise the Application Express environment. This security flaw requires human interaction from a user not associated with the attacker, which can result in unauthorized data manipulation or access. Affected versions include Oracle Database Server 5.1 and 18.2, and exploitation may lead to significant security repercussions for related data. Organizations using these versions should apply recommended security measures to mitigate potential risks.

Affected Version(s)

Application Express 5.1

Application Express 18.2

References

http://www.oracle.com/technetwork/security-advisory/cpuju...

x_refsource_MISC

CVSS V3.1

Score:

5.4

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Jul 23, 2019
Vulnerability Reserved
Dec 14, 2018