Application Express Customers Plugin Vulnerability in Oracle
CVE-2023-21975

9CRITICAL

Key Information:

Vendor: Oracle
Status: Application Express (apex)
Vendor: CVE Published:; 18 July 2023

What is CVE-2023-21975?

A vulnerability exists in the Oracle Application Express Customers Plugin that may allow a low-privileged attacker with network access to compromise user accounts. Exploitation requires interaction from a user other than the attacker, which could lead to unauthorized access and takeover of the Application Express Customers Plugin. This vulnerability impacts not only the plugin itself but might also affect additional products, indicating a significant security risk if exploited.

Affected Version(s)

Application Express (APEX) Application Express Customers Plugin: 18.2 <= 22.2

References

https://www.oracle.com/security-alerts/cpujul2023.html

vendor-advisory

CVSS V3.1

Score:

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

Required

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jul 18, 2023
Vulnerability Reserved
Dec 17, 2022