CVE-2019-2904

Summary

CVE	CVE-2019-2904
State	PUBLIC
Assigner	[email protected]
Source Priority	CVE Program / NVD first with legacy fallback
Published	2019-10-16 18:15:00 UTC
Updated	2021-05-18 12:58:00 UTC
Description	Vulnerability in the Oracle JDeveloper and ADF product of Oracle Fusion Middleware (component: ADF Faces). Supported versions that are affected are 11.1.1.9.0, 12.1.3.0.0 and 12.2.1.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle JDeveloper and ADF. Successful attacks of this vulnerability can result in takeover of Oracle JDeveloper and ADF. CVSS 3.0 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).

Risk And Classification

Problem Types: NVD-CWE-noinfo

NVD Known Affected Configurations (CPE 2.3)

Type	Vendor	Product	Version	Update	Edition	Language
Application	Oracle	Application Development Framework	11.1.1.9.0	All	All	All
Application	Oracle	Application Development Framework	12.1.3.0.0	All	All	All
Application	Oracle	Application Development Framework	12.2.1.3.0	All	All	All
Application	Oracle	Application Development Framework	11.1.1.9.0	All	All	All
Application	Oracle	Application Development Framework	12.1.3.0.0	All	All	All
Application	Oracle	Application Development Framework	12.2.1.3.0	All	All	All
Application	Oracle	Application Testing Suite	12.5.0.3	All	All	All
Application	Oracle	Application Testing Suite	13.1.0.1	All	All	All
Application	Oracle	Application Testing Suite	13.2.0.1	All	All	All
Application	Oracle	Application Testing Suite	13.3.0.1	All	All	All
Application	Oracle	Banking Enterprise Collections	2.7.0	All	All	All
Application	Oracle	Banking Enterprise Collections	2.8.0	All	All	All
Application	Oracle	Banking Enterprise Originations	2.7.0	All	All	All
Application	Oracle	Banking Enterprise Originations	2.8.0	All	All	All
Application	Oracle	Banking Enterprise Product Manufacturing	2.7.0	All	All	All
Application	Oracle	Banking Enterprise Product Manufacturing	2.8.0	All	All	All
Application	Oracle	Banking Platform	2.4.0	All	All	All
Application	Oracle	Banking Platform	2.4.1	All	All	All
Application	Oracle	Banking Platform	2.5.0	All	All	All
Application	Oracle	Banking Platform	2.6.0	All	All	All
Application	Oracle	Banking Platform	2.6.1	All	All	All
Application	Oracle	Banking Platform	2.6.2	All	All	All
Application	Oracle	Banking Platform	2.7.0	All	All	All
Application	Oracle	Banking Platform	2.7.1	All	All	All
Application	Oracle	Banking Platform	2.9.0	All	All	All
Application	Oracle	Business Process Management Suite	12.2.1.3.0	All	All	All
Application	Oracle	Business Process Management Suite	12.2.1.4.0	All	All	All
Application	Oracle	Clinical	5.2	All	All	All
Application	Oracle	Communications Diameter Signaling Router	All	All	All	All
Application	Oracle	Communications Network Integrity	All	All	All	All
Application	Oracle	Communications Services Gatekeeper	6.0	All	All	All
Application	Oracle	Communications Services Gatekeeper	6.1	All	All	All
Application	Oracle	Communications Service Broker	6.0	All	All	All
Application	Oracle	Communications Service Broker	6.1	All	All	All
Application	Oracle	Enterprise Repository	11.1.1.7.0	All	All	All
Application	Oracle	Financial Services Lending And Leasing	12.5.0	All	All	All
Application	Oracle	Financial Services Lending And Leasing	All	All	All	All
Application	Oracle	Financial Services Revenue Management And Billing Analytics	2.6	All	All	All
Application	Oracle	Financial Services Revenue Management And Billing Analytics	2.7	All	All	All
Application	Oracle	Financial Services Revenue Management And Billing Analytics	2.8	All	All	All
Application	Oracle	Flexcube Private Banking	12.0.0	All	All	All
Application	Oracle	Flexcube Private Banking	12.1.0	All	All	All
Application	Oracle	Health Sciences Data Management Workbench	2.4	All	All	All
Application	Oracle	Health Sciences Data Management Workbench	2.5	All	All	All
Application	Oracle	Hyperion Planning	11.1.2.4	All	All	All
Application	Oracle	Jdeveloper	11.1.1.9.0	All	All	All
Application	Oracle	Jdeveloper	12.1.3.0.0	All	All	All
Application	Oracle	Jdeveloper	12.2.1.3.0	All	All	All
Application	Oracle	Jdeveloper	11.1.1.9.0	All	All	All
Application	Oracle	Jdeveloper	12.1.3.0.0	All	All	All
Application	Oracle	Jdeveloper	12.2.1.3.0	All	All	All
Application	Oracle	Mysql	All	All	All	All
Application	Oracle	Rapid Planning	12.1.3	All	All	All
Application	Oracle	Retail Assortment Planning	15.0.3.0	All	All	All
Application	Oracle	Retail Assortment Planning	16.0.3.0	All	All	All
Application	Oracle	Retail Clearance Optimization Engine	13.4	All	All	All
Application	Oracle	Retail Clearance Optimization Engine	14.0.3	All	All	All
Application	Oracle	Retail Clearance Optimization Engine	14.0.5	All	All	All
Application	Oracle	Retail Markdown Optimization	13.4	All	All	All
Application	Oracle	Retail Sales Audit	15.0.3	All	All	All
Application	Oracle	Retail Sales Audit	16.0.2	All	All	All

References

Reference	Source	Link	Tags
Oracle Critical Patch Update Advisory - July 2020	MISC	www.oracle.com
Oracle Critical Patch Update Advisory - April 2021	MISC	www.oracle.com
Oracle Critical Patch Update Advisory - October 2019	MISC	www.oracle.com	Patch, Vendor Advisory
Oracle Critical Patch Update Advisory - April 2020	MISC	www.oracle.com
ZDI-19-1024 \| Zero Day Initiative	MISC	www.zerodayinitiative.com
Oracle Critical Patch Update Advisory - January 2020	MISC	www.oracle.com
Oracle Critical Patch Update Advisory - October 2020	N/A	www.oracle.com
CVE Program record	CVE.ORG	www.cve.org	canonical
NVD vulnerability detail	NVD	nvd.nist.gov	canonical, analysis

No vendor comments have been submitted for this CVE.

Legacy QID Mappings

20270 Oracle Database 21c Critical Patch Update - October 2022
20271 Oracle Database 19c Critical Patch Update - October 2022
20272 Oracle Database 19c Critical OJVM Patch Update - October 2022