CVE-2002-1639 — Oracle Configurator vulnerability

3 documents3 sources

Severity

7.5HIGHNVD

EPSS

2.1%

top 15.94%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Oracle Configurator

Timeline

PublishedApr 1

Latest updateApr 30

Description

Oracle Configurator before 11.5.7.17.32 and 11.5.6.16.53 allows remote attackers to obtain sensitive information via a request to the oracle.apps.cz.servlet.UiServlet servlet with the test parameter set to "version" or "host".

CVSS vector

AV:N/AC:L/C:P/I:P/A:PExploitability: 10.0 | Impact: 6.4

Affected Packages1 packages

▶NVDoracle/configurator11.5.6.0.0 — 11.5.6.16.53+2

Patches

Patch: securitytracker.com ↗Patch: www.kb.cert.org ↗Patch: www.oracle.com ↗

🔴Vulnerability Details

GHSA

GHSA-mqr3-hx46-j2rf: Oracle Configurator before 11↗2022-04-30

▶

CVEList

CVE-2002-1639: Oracle Configurator before 11↗2005-03-28

▶