Oracle Application Express User Account denial of service

A vulnerability classified as critical has been found in Oracle Application Express (version unknown). Affected is some unknown functionality of the component User Account. Upgrading eliminates this vulnerability. A possible mitigation has been published immediately after the disclosure of the vulnerability.

Field07/20/2022 08:15 AM08/06/2022 02:57 PM08/06/2022 02:59 PM
cvss3_vuldb_iNNN
cvss3_vuldb_aHHH
cvss3_vuldb_rcCCC
cvss3_vuldb_rlOOO
urlhttps://www.oracle.com/security-alerts/cpujul2022.htmlhttps://www.oracle.com/security-alerts/cpujul2022.htmlhttps://www.oracle.com/security-alerts/cpujul2022.html
date1658181600 (07/19/2022)1658181600 (07/19/2022)1658181600 (07/19/2022)
identifierOracle Critical Patch Update Advisory - July 2022Oracle Critical Patch Update Advisory - July 2022Oracle Critical Patch Update Advisory - July 2022
date1658181600 (07/19/2022)1658181600 (07/19/2022)1658181600 (07/19/2022)
nameUpgradeUpgradeUpgrade
cvss2_vuldb_avNNN
cvss2_vuldb_acLLL
cvss2_vuldb_ciNNN
cvss2_vuldb_iiNNN
cvss2_vuldb_aiCCC
cvss2_vuldb_rcCCC
cvss2_vuldb_rlOFOFOF
cvss2_vuldb_auSSS
cvss2_vuldb_eNDNDND
cvss3_vuldb_eXXX
cvss2_vuldb_basescore6.86.86.8
cvss2_vuldb_tempscore5.95.95.9
cvss3_vuldb_basescore5.75.75.7
cvss3_vuldb_tempscore5.55.55.5
cvss3_meta_basescore5.75.76.6
cvss3_meta_tempscore5.55.56.5
price_0day$0-$5k$0-$5k$0-$5k
vendorOracleOracleOracle
nameApplication ExpressApplication ExpressApplication Express
cveCVE-2022-24729CVE-2022-24729CVE-2022-24729
componentUser AccountUser AccountUser Account
risk222
cwe404 (denial of service)404 (denial of service)404 (denial of service)
cvss3_vuldb_avNNN
cvss3_vuldb_acLLL
cvss3_vuldb_prLLL
cvss3_vuldb_uiRRR
cvss3_vuldb_sUUU
cvss3_vuldb_cNNN
cve_assigned1644447600 (02/10/2022)1644447600 (02/10/2022)
cve_nvd_summaryCKEditor4 is an open source what-you-see-is-what-you-get HTML editor. CKEditor4 prior to version 4.18.0 contains a vulnerability in the `dialog` plugin. The vulnerability allows abuse of a dialog input validator regular expression, which can cause a significant performance drop resulting in a browser tab freeze. A patch is available in version 4.18.0. There are currently no known workarounds.CKEditor4 is an open source what-you-see-is-what-you-get HTML editor. CKEditor4 prior to version 4.18.0 contains a vulnerability in the `dialog` plugin. The vulnerability allows abuse of a dialog input validator regular expression, which can cause a significant performance drop resulting in a browser tab freeze. A patch is available in version 4.18.0. There are currently no known workarounds.
cvss3_nvd_avN
cvss3_nvd_acL
cvss3_nvd_prN
cvss3_nvd_uiN
cvss3_nvd_sU
cvss3_nvd_cN
cvss3_nvd_iN
cvss3_nvd_aH
cvss2_nvd_avN
cvss2_nvd_acL
cvss2_nvd_auN
cvss2_nvd_ciN
cvss2_nvd_iiN
cvss2_nvd_aiP
cvss3_cna_avN
cvss3_cna_acL
cvss3_cna_prN
cvss3_cna_uiR
cvss3_cna_sU
cvss3_cna_cN
cvss3_cna_iN
cvss3_cna_aH
cve_cnaGitHub, Inc.
cvss2_nvd_basescore5.0
cvss3_nvd_basescore7.5
cvss3_cna_basescore6.5

Are you interested in using VulDB?

Download the whitepaper to learn more about our service!