CVE-2019-2904 — Oracle Communications Diameter Signaling Router vulnerability
9 documents5 sources
Severity
9.8CRITICALNVD
EPSS
12.4%
top 6.09%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
PublishedOct 16
Latest updateMay 24
Description
Vulnerability in the Oracle JDeveloper and ADF product of Oracle Fusion Middleware (component: ADF Faces). Supported versions that are affected are 11.1.1.9.0, 12.1.3.0.0 and 12.2.1.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle JDeveloper and ADF. Successful attacks of this vulnerability can result in takeover of Oracle JDeveloper and ADF. CVSS 3.0 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS …
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9
Affected Packages24 packages
Patches
🔴Vulnerability Details
2📋Vendor Advisories
5Oracle▶
Oracle Oracle Supply Chain Risk Matrix: User interface (Application Development Framework) — CVE-2019-2904↗2021-04-15
Oracle▶
Oracle Oracle Communications Risk Matrix: Platform (Application Development Framework) — CVE-2019-2904↗2020-10-15
Oracle▶
Oracle Oracle Communications Applications Risk Matrix: User Interface (Application Development Framework) — CVE-2019-2904↗2020-07-15
Oracle▶
Oracle Oracle Communications Applications Risk Matrix: Admin Console (Application Development Framework) — CVE-2019-2904↗2020-04-15
Oracle▶
Oracle Oracle Enterprise Manager Risk Matrix: Load Testing for Web Apps (Application Development Framework) — CVE-2019-2904↗2020-01-15