ID CVE-2019-2904
Summary Vulnerability in the Oracle JDeveloper and ADF product of Oracle Fusion Middleware (component: ADF Faces). Supported versions that are affected are 11.1.1.9.0, 12.1.3.0.0 and 12.2.1.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle JDeveloper and ADF. Successful attacks of this vulnerability can result in takeover of Oracle JDeveloper and ADF. CVSS 3.0 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).
References
Vulnerable Configurations
  • cpe:2.3:a:oracle:application_testing_suite:12.5.0.3:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:application_testing_suite:12.5.0.3:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:application_testing_suite:13.1.0.1:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:application_testing_suite:13.1.0.1:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:application_testing_suite:13.2.0.1:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:application_testing_suite:13.2.0.1:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:application_testing_suite:13.3.0.1:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:application_testing_suite:13.3.0.1:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:banking_enterprise_collections:2.7.0:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:banking_enterprise_collections:2.7.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:banking_enterprise_collections:2.8.0:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:banking_enterprise_collections:2.8.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:banking_enterprise_originations:2.7.0:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:banking_enterprise_originations:2.7.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:banking_enterprise_originations:2.8.0:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:banking_enterprise_originations:2.8.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:banking_enterprise_product_manufacturing:2.7.0:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:banking_enterprise_product_manufacturing:2.7.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:banking_enterprise_product_manufacturing:2.8.0:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:banking_enterprise_product_manufacturing:2.8.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:banking_platform:2.4.0:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:banking_platform:2.4.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:banking_platform:2.4.1:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:banking_platform:2.4.1:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:banking_platform:2.5.0:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:banking_platform:2.5.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:banking_platform:2.6.0:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:banking_platform:2.6.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:banking_platform:2.6.1:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:banking_platform:2.6.1:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:banking_platform:2.6.2:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:banking_platform:2.6.2:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:banking_platform:2.7.0:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:banking_platform:2.7.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:banking_platform:2.7.1:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:banking_platform:2.7.1:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:banking_platform:2.9.0:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:banking_platform:2.9.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:business_process_management_suite:12.2.1.3.0:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:business_process_management_suite:12.2.1.3.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:business_process_management_suite:12.2.1.4.0:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:business_process_management_suite:12.2.1.4.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:clinical:5.2:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:clinical:5.2:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:communications_diameter_signaling_router:8.0.0.0:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:communications_diameter_signaling_router:8.0.0.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:communications_diameter_signaling_router:8.1:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:communications_diameter_signaling_router:8.1:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:communications_diameter_signaling_router:8.2:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:communications_diameter_signaling_router:8.2:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:communications_diameter_signaling_router:8.2.1:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:communications_diameter_signaling_router:8.2.1:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:communications_diameter_signaling_router:8.2.2:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:communications_diameter_signaling_router:8.2.2:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:communications_diameter_signaling_router:8.3:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:communications_diameter_signaling_router:8.3:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:communications_diameter_signaling_router:8.4.0.5:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:communications_diameter_signaling_router:8.4.0.5:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:communications_network_integrity:7.3.2:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:communications_network_integrity:7.3.2:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:communications_network_integrity:7.3.5:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:communications_network_integrity:7.3.5:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:communications_network_integrity:7.3.6:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:communications_network_integrity:7.3.6:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:communications_service_broker:6.0:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:communications_service_broker:6.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:communications_service_broker:6.1:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:communications_service_broker:6.1:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:communications_services_gatekeeper:6.0:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:communications_services_gatekeeper:6.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:communications_services_gatekeeper:6.1:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:communications_services_gatekeeper:6.1:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:enterprise_repository:11.1.1.7.0:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:enterprise_repository:11.1.1.7.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:financial_services_lending_and_leasing:12.5.0:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:financial_services_lending_and_leasing:12.5.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:financial_services_lending_and_leasing:14.1.0:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:financial_services_lending_and_leasing:14.1.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:financial_services_revenue_management_and_billing_analytics:2.6:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:financial_services_revenue_management_and_billing_analytics:2.6:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:financial_services_revenue_management_and_billing_analytics:2.7:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:financial_services_revenue_management_and_billing_analytics:2.7:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:financial_services_revenue_management_and_billing_analytics:2.8:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:financial_services_revenue_management_and_billing_analytics:2.8:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:flexcube_private_banking:12.0.0:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:flexcube_private_banking:12.0.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:flexcube_private_banking:12.1.0:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:flexcube_private_banking:12.1.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:health_sciences_data_management_workbench:2.4:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:health_sciences_data_management_workbench:2.4:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:health_sciences_data_management_workbench:2.5:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:health_sciences_data_management_workbench:2.5:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:hyperion_planning:11.1.2.4:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:hyperion_planning:11.1.2.4:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:rapid_planning:12.1.3:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:rapid_planning:12.1.3:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:retail_assortment_planning:15.0.3.0:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:retail_assortment_planning:15.0.3.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:retail_assortment_planning:16.0.3.0:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:retail_assortment_planning:16.0.3.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:retail_clearance_optimization_engine:13.4:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:retail_clearance_optimization_engine:13.4:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:retail_clearance_optimization_engine:14.0.3:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:retail_clearance_optimization_engine:14.0.3:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:retail_clearance_optimization_engine:14.0.5:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:retail_clearance_optimization_engine:14.0.5:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:retail_markdown_optimization:13.4:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:retail_markdown_optimization:13.4:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:retail_sales_audit:15.0.3:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:retail_sales_audit:15.0.3:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:retail_sales_audit:16.0.2:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:retail_sales_audit:16.0.2:*:*:*:*:*:*:*
CVSS
Base: 7.5 (as of 18-05-2021 - 12:58)
Impact:
Exploitability:
CWE NVD-CWE-noinfo
CAPEC
Access
VectorComplexityAuthentication
NETWORK LOW NONE
Impact
ConfidentialityIntegrityAvailability
PARTIAL PARTIAL PARTIAL
cvss-vector via4 AV:N/AC:L/Au:N/C:P/I:P/A:P
refmap via4
misc
Last major update 18-05-2021 - 12:58
Published 16-10-2019 - 18:15
Last modified 18-05-2021 - 12:58
Back to Top