Vulnerability in Oracle JDeveloper and ADF by Oracle
CVE-2019-2899

2.4LOW

Key Information:

Vendor: Oracle
Status: Hyperion Financial Management
Vendor: CVE Published:; 16 October 2019

Summary

This vulnerability in Oracle JDeveloper and ADF within the Oracle Fusion Middleware framework allows a high-privileged attacker with network access via HTTP to potentially compromise the system. While exploitation necessitates human interaction from a separate individual, successful execution could lead to unauthorized read access to a portion of data accessible through JDeveloper and ADF. The supported versions affected include 11.1.1.9.0, 11.1.2.4.0, 12.1.3.0.0, and 12.2.1.3.0, making it crucial for users to review their security posture and implement recommended updates promptly.

Affected Version(s)

Hyperion Financial Management 11.1.2.4

References

http://www.oracle.com/technetwork/security-advisory/cpuoc...

x_refsource_MISC

https://www.oracle.com/security-alerts/cpuapr2020.html

x_refsource_MISC

CVSS V3.1

Score:

2.4

Severity:

LOW

Confidentiality:

Low

Integrity:

None

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Oct 16, 2019
Vulnerability Reserved
Dec 14, 2018