CVE-2019-2904 — CRITICAL (9.8)

Q: How severe is CVE-2019-2904?

CVE-2019-2904 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.

Q: Is there a patch for CVE-2019-2904?

Check the references section above for vendor advisories and patch information. Affected products include: Oracle Application Testing Suite, Oracle Banking Enterprise Collections, Oracle Banking Enterprise Originations, Oracle Banking Enterprise Product Manufacturing, Oracle Banking Platform.

Vulnerability Description

Vulnerability in the Oracle JDeveloper and ADF product of Oracle Fusion Middleware (component: ADF Faces). Supported versions that are affected are 11.1.1.9.0, 12.1.3.0.0 and 12.2.1.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle JDeveloper and ADF. Successful attacks of this vulnerability can result in takeover of Oracle JDeveloper and ADF. CVSS 3.0 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).

CVSS Score

9.8

CRITICAL

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

HIGH

Affected Products

Vendor	Product	Versions
Oracle	Application Testing Suite	12.5.0.3
Oracle	Banking Enterprise Collections	2.7.0
Oracle	Banking Enterprise Originations	2.7.0
Oracle	Banking Enterprise Product Manufacturing	2.7.0
Oracle	Banking Platform	2.4.0
Oracle	Business Process Management Suite	12.2.1.3.0
Oracle	Clinical	5.2
Oracle	Communications Diameter Signaling Router	>= 8.0.0.0, <= 8.4.0.5
Oracle	Communications Network Integrity	>= 7.3.2, <= 7.3.6
Oracle	Communications Service Broker	6.0
Oracle	Communications Services Gatekeeper	6.0
Oracle	Enterprise Repository	11.1.1.7.0
Oracle	Financial Services Lending And Leasing	>= 14.1.0, <= 14.2.0
Oracle	Financial Services Revenue Management And Billing Analytics	2.6
Oracle	Flexcube Private Banking	12.0.0
Oracle	Health Sciences Data Management Workbench	2.4
Oracle	Hyperion Planning	11.1.2.4
Oracle	Rapid Planning	12.1.3
Oracle	Retail Assortment Planning	15.0.3.0
Oracle	Retail Clearance Optimization Engine	13.4

References

http://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.htmlPatchVendor Advisory
https://www.oracle.com/security-alerts/cpuapr2020.htmlVendor Advisory
https://www.oracle.com/security-alerts/cpuapr2021.htmlVendor Advisory
https://www.oracle.com/security-alerts/cpujan2020.htmlVendor Advisory
https://www.oracle.com/security-alerts/cpujul2020.htmlVendor Advisory
https://www.oracle.com/security-alerts/cpuoct2020.htmlVendor Advisory
https://www.zerodayinitiative.com/advisories/ZDI-19-1024/Third Party AdvisoryVDB Entry
http://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.htmlPatchVendor Advisory
https://www.oracle.com/security-alerts/cpuapr2020.htmlVendor Advisory
https://www.oracle.com/security-alerts/cpuapr2021.htmlVendor Advisory
https://www.oracle.com/security-alerts/cpujan2020.htmlVendor Advisory
https://www.oracle.com/security-alerts/cpujul2020.htmlVendor Advisory
https://www.oracle.com/security-alerts/cpuoct2020.htmlVendor Advisory
https://www.zerodayinitiative.com/advisories/ZDI-19-1024/Third Party AdvisoryVDB Entry

FAQ

What is CVE-2019-2904?

CVE-2019-2904 is a vulnerability with a CVSS score of 9.8 (CRITICAL). Vulnerability in the Oracle JDeveloper and ADF product of Oracle Fusion Middleware (component: ADF Faces). Supported versions that are affected are 11.1.1.9.0, 12.1.3.0.0 and 12.2.1.3.0. Easily exploi...

How severe is CVE-2019-2904?

CVE-2019-2904 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.

Is there a patch for CVE-2019-2904?

Check the references section above for vendor advisories and patch information. Affected products include: Oracle Application Testing Suite, Oracle Banking Enterprise Collections, Oracle Banking Enterprise Originations, Oracle Banking Enterprise Product Manufacturing, Oracle Banking Platform.