CVE-2019-2823Code Injection in Oracle Financial Services Analytical Applications Infrastructure

CWE-94Code InjectionCWE-95Eval Injection5 documents4 sources
Severity
5.4MEDIUMNVD
EPSS
0.3%
top 51.09%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Oracle Financial Services Analytical Applications InfrastructureOracle Corporation Financial Services Analytical Applications Infrastructure
Timeline
PublishedJul 23
Latest updateFeb 20

Description

Vulnerability in the Oracle Financial Services Analytical Applications Infrastructure component of Oracle Financial Services Applications (subcomponent: Infrastructure). Supported versions that are affected are 8.0.5-8.0.8. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Financial Services Analytical Applications Infrastructure. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:NExploitability: 2.8 | Impact: 2.5

Affected Packages2 packages

Patches

Patch: www.oracle.comPatch: www.oracle.com

🔴Vulnerability Details

4
GHSA
XWiki Platform allows remote code execution as guest via SolrSearchMacros request2025-02-20
GHSA
XWiki Platform: Remote code execution as guest via DatabaseSearch2024-04-10
GHSA
GHSA-wh4p-84q5-c562: Vulnerability in the Oracle Financial Services Analytical Applications Infrastructure component of Oracle Financial Services Applications (subcomponen2022-05-24
CVEList
CVE-2019-2823: Vulnerability in the Oracle Financial Services Analytical Applications Infrastructure component of Oracle Financial Services Applications (subcomponen2019-07-23
CVE-2019-2823 — Code Injection in Oracle | cvebase