CVE-2019-2899
First published: Wed Oct 16 2019(Updated: )
Vulnerability in the Oracle JDeveloper and ADF product of Oracle Fusion Middleware (component: OAM). Supported versions that are affected are 11.1.1.9.0, 11.1.2.4.0, 12.1.3.0.0 and 12.2.1.3.0. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle JDeveloper and ADF. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle JDeveloper and ADF accessible data. CVSS 3.0 Base Score 2.4 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:N/A:N).
Credit: secalert_us@oracle.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Oracle Application Development Framework | =11.1.1.9.0 | |
| Oracle Application Development Framework | =11.1.2.4.0 | |
| Oracle Application Development Framework | =12.1.3.0.0 | |
| Oracle Application Development Framework | =12.2.1.3.0 | |
| Oracle JDeveloper | =11.1.1.9.0 | |
| Oracle JDeveloper | =11.1.2.4.0 | |
| Oracle JDeveloper | =12.1.3.0.0 | |
| Oracle JDeveloper | =12.2.1.3.0 | |
| Oracle Hyperion Financial Management | =11.1.2.4 | |
| Oracle Peoplesoft Enterprise Scm Purchasing | =9.2 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID for this Oracle JDeveloper and ADF vulnerability?
The vulnerability ID for this Oracle JDeveloper and ADF vulnerability is CVE-2019-2899.
What is the severity of CVE-2019-2899?
The severity of CVE-2019-2899 is low, with a CVSS score of 2.4.
Which versions of Oracle JDeveloper and ADF are affected by CVE-2019-2899?
The affected versions of Oracle JDeveloper and ADF are 11.1.1.9.0, 11.1.2.4.0, 12.1.3.0.0, and 12.2.1.3.0.
How can an attacker exploit CVE-2019-2899?
An attacker with network access via HTTP can exploit CVE-2019-2899.
Is there a fix available for CVE-2019-2899?
Yes, Oracle has released patches and fixes for CVE-2019-2899. It is recommended to apply the necessary updates.
- collector/nvd-index
- agent/references
- agent/type
- agent/remedy
- agent/softwarecombine
- agent/author
- agent/severity
- agent/description
- agent/first-publish-date
- agent/event
- agent/tags
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/source
- vendor/oracle
- canonical/oracle application development framework
- version/oracle application development framework/11.1.1.9.0
- version/oracle application development framework/11.1.2.4.0
- version/oracle application development framework/12.1.3.0.0
- version/oracle application development framework/12.2.1.3.0
- canonical/oracle jdeveloper
- version/oracle jdeveloper/11.1.1.9.0
- version/oracle jdeveloper/11.1.2.4.0
- version/oracle jdeveloper/12.1.3.0.0
- version/oracle jdeveloper/12.2.1.3.0
- canonical/oracle hyperion financial management
- version/oracle hyperion financial management/11.1.2.4
- canonical/oracle peoplesoft enterprise scm purchasing
- version/oracle peoplesoft enterprise scm purchasing/9.2