CVE-2019-2904 in Rapid Planninginfo

Summary

Vulnerability in the Oracle JDeveloper and ADF product of Oracle Fusion Middleware (component: ADF Faces). Supported versions that are affected are 11.1.1.9.0, 12.1.3.0.0 and 12.2.1.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle JDeveloper and ADF. Successful attacks of this vulnerability can result in takeover of Oracle JDeveloper and ADF. CVSS 3.0 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).

Statistical analysis made it clear that VulDB provides the best quality for vulnerability data.

Responsible

Oracle

Reservation

12/14/2018

Status

Confirmed

Entries

VulDB provides additional information and datapoints for this CVE:

ID	Vulnerability	Exp	Cou	CVE
173678	Oracle Rapid Planning User interface Remote Code Execution	Not defined	Official fix	CVE-2019-2904
163212	Oracle Business Process Management Suite Runtime	Not defined	Official fix	CVE-2019-2904
163178	Oracle Enterprise Repository Security Subsystem - 12c Remote Code Execution	Not defined	Official fix	CVE-2019-2904
163021	Oracle Communications Diameter Signaling Router Platform Remote Code Execution	Not defined	Official fix	CVE-2019-2904
158230	Oracle Financial Services Lending/Leasing Core Remote Code Execution	Not defined	Official fix	CVE-2019-2904
158117	Oracle Communications Network Integrity User Remote Code Execution	Not defined	Official fix	CVE-2019-2904
153441	Oracle FLEXCUBE Private Banking Framework Remote Code Execution	Not defined	Official fix	CVE-2019-2904
153439	Oracle Financial Services Revenue Management Dashboards Remote Code Execution	Not defined	Official fix	CVE-2019-2904
153437	Oracle Banking Platform Framework Remote Code Execution	Not defined	Official fix	CVE-2019-2904
153436	Oracle Banking Enterprise Product Manufacturing Framework Remote Code Execution	Not defined	Official fix	CVE-2019-2904
153434	Oracle Banking Enterprise Originations Framework Remote Code Execution	Not defined	Official fix	CVE-2019-2904
153432	Oracle Banking Enterprise Collections Framework Remote Code Execution	Not defined	Official fix	CVE-2019-2904
153308	Oracle Communications Services Gatekeeper API Management Portal Remote Code Execution	Not defined	Official fix	CVE-2019-2904
153307	Oracle Communications Service Broker Admin Console Remote Code Execution	Not defined	Official fix	CVE-2019-2904
148946	Oracle Retail Sales Audit Operational Insights Remote Code Execution	Not defined	Official fix	CVE-2019-2904
148944	Oracle Retail Markdown Optimization Common Component Integration Remote Code Execution	Not defined	Official fix	CVE-2019-2904
148940	Oracle Retail Clearance Optimization Engine Dataset Componen Remote Code Execution	Not defined	Official fix	CVE-2019-2904
148939	Oracle Retail Assortment Planning Application Core Remote Code Execution	Not defined	Official fix	CVE-2019-2904
148881	Oracle Hyperion Planning Application Development Remote Code Execution	Not defined	Official fix	CVE-2019-2904
148874	Oracle Health Sciences Data Management Workbench User Remote Code Execution	Not defined	Official fix	CVE-2019-2904
148873	Oracle Clinical User Remote Code Execution	Not defined	Official fix	CVE-2019-2904
148757	Oracle Application Testing Suite Load Testing for Web Apps Remote Code Execution	Not defined	Official fix	CVE-2019-2904
143608	Oracle JDeveloper/ADF SQLite Remote Code Execution	Not defined	Official fix	CVE-2019-2904

Description

CPE

CWE

CVSS

Exploits

History

Diff

Relate

Threat Intelligence

API JSON

API XML

API CSV

Sources

◂ PreviousOverviewNext ▸

Are you interested in using VulDB?

Download the whitepaper to learn more about our service!