CVE-2019-2899

4 documents4 sources

Severity

2.4LOW

EPSS

0.3%

top 49.55%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Oracle Corporation Hyperion Financial Management Oracle Application Development Framework Oracle Hyperion Financial Management +2 more

Timeline

PublishedOct 16

Latest updateMay 24

Description

Vulnerability in the Oracle JDeveloper and ADF product of Oracle Fusion Middleware (component: OAM). Supported versions that are affected are 11.1.1.9.0, 11.1.2.4.0, 12.1.3.0.0 and 12.2.1.3.0. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle JDeveloper and ADF. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized read access to a sub…

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:N/A:NExploitability: 0.9 | Impact: 1.4

Affected Packages5 packages

▶NVDoracle/jdeveloper4 versions+3

▶NVDoracle/hyperion_financial_management11.1.2.4

▶NVDoracle/application_development_framework4 versions+3

▶NVDoracle/peoplesoft_enterprise_scm_purchasing9.2

▶CVEListV5oracle_corporation/hyperion_financial_management11.1.2.4

Patches

Patch: www.oracle.com ↗Patch: www.oracle.com ↗Patch: www.oracle.com ↗

🔴Vulnerability Details

GHSA

GHSA-q54x-xrq8-px2p: Vulnerability in the Oracle JDeveloper and ADF product of Oracle Fusion Middleware (component: OAM)↗2022-05-24

▶

CVEList

CVE-2019-2899: Vulnerability in the Oracle JDeveloper and ADF product of Oracle Fusion Middleware (component: OAM)↗2019-10-16

▶

📋Vendor Advisories

Oracle

Oracle Oracle Hyperion Risk Matrix: Security (Application Development Framework) — CVE-2019-2899↗2020-04-15

▶