Oracle JDeveloper and ADF product versions 11.1.1.9.0 Insufficient Information Vulnerability

Summary

A vulnerability exists in the Oracle JDeveloper and ADF product of Oracle Fusion Middleware (component: OAM). The affected supported versions are 11.1.1.9.0, 11.1.2.4.0, 12.1.3.0.0 and 12.2.1.3.0. The vulnerability is easily exploitable and allows a high-privileged attacker with network access via HTTP to compromise Oracle JDeveloper and ADF.

Credit:

The information has been provided by Alaa Kachouh.

The original article can be found at: http://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html


Details

Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle JDeveloper and ADF accessible data.

 

Vulnerable Systems:

Oracle JDeveloper and ADF product versions 11.1.1.9.0 

Oracle JDeveloper and ADF product versions 11.1.2.4.0 

Oracle JDeveloper and ADF product versions 12.1.3.0.0 

Oracle JDeveloper and ADF product versions 12.2.1.3.0

 

CVE Information:

CVE-2019-2899

 

Disclosure Timeline:

Published Date: 10/16/2019