Vulnerability-Lookup

CVE-2019-2907 (GCVE-0-2019-2907)

Vulnerability from cvelistv5 – Published: 2019-10-16 17:40 – Updated: 2024-10-15 18:49

Summary

Vulnerability in the Oracle Web Services product of Oracle Fusion Middleware (component: SOAP with Attachments API for Java). The supported version that is affected is 12.2.1.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Web Services. While the vulnerability is in Oracle Web Services, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Web Services accessible data as well as unauthorized read access to a subset of Oracle Web Services accessible data. CVSS 3.0 Base Score 7.2 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N).

Severity ?

No CVSS data available.

CWE

Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Web Services. While the vulnerability is in Oracle Web Services, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Web Services accessible data as well as unauthorized read access to a subset of Oracle Web Services accessible data.

Assigner

oracle

References

1 reference

URL	Tags
http://www.oracle.com/technetwork/security-adviso…	x_refsource_MISC

Impacted products

1 product

Vendor	Product	Version
Oracle Corporation	Web Services	Affected: 12.2.1.3.0

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T19:03:43.346Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2019-2907",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-10-15T17:29:28.776021Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-10-15T18:49:46.591Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Web Services",
          "vendor": "Oracle Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "12.2.1.3.0"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Vulnerability in the Oracle Web Services product of Oracle Fusion Middleware (component: SOAP with Attachments API for Java). The supported version that is affected is 12.2.1.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Web Services. While the vulnerability is in Oracle Web Services, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Web Services accessible data as well as unauthorized read access to a subset of Oracle Web Services accessible data. CVSS 3.0 Base Score 7.2 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N)."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Web Services.  While the vulnerability is in Oracle Web Services, attacks may significantly impact additional products.  Successful attacks of this vulnerability can result in  unauthorized update, insert or delete access to some of Oracle Web Services accessible data as well as  unauthorized read access to a subset of Oracle Web Services accessible data.",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2019-10-16T17:40:54.000Z",
        "orgId": "43595867-4340-4103-b7a2-9a5208d29a85",
        "shortName": "oracle"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert_us@oracle.com",
          "ID": "CVE-2019-2907",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Web Services",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "=",
                            "version_value": "12.2.1.3.0"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Oracle Corporation"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Vulnerability in the Oracle Web Services product of Oracle Fusion Middleware (component: SOAP with Attachments API for Java). The supported version that is affected is 12.2.1.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Web Services. While the vulnerability is in Oracle Web Services, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Web Services accessible data as well as unauthorized read access to a subset of Oracle Web Services accessible data. CVSS 3.0 Base Score 7.2 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N)."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Web Services.  While the vulnerability is in Oracle Web Services, attacks may significantly impact additional products.  Successful attacks of this vulnerability can result in  unauthorized update, insert or delete access to some of Oracle Web Services accessible data as well as  unauthorized read access to a subset of Oracle Web Services accessible data."
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html",
              "refsource": "MISC",
              "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "43595867-4340-4103-b7a2-9a5208d29a85",
    "assignerShortName": "oracle",
    "cveId": "CVE-2019-2907",
    "datePublished": "2019-10-16T17:40:54.000Z",
    "dateReserved": "2018-12-14T00:00:00.000Z",
    "dateUpdated": "2024-10-15T18:49:46.591Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "epss": {
      "cve": "CVE-2019-2907",
      "date": "2026-05-19",
      "epss": "0.01141",
      "percentile": "0.78637"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2019-2907\",\"sourceIdentifier\":\"secalert_us@oracle.com\",\"published\":\"2019-10-16T18:15:27.763\",\"lastModified\":\"2024-11-21T04:41:46.920\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Vulnerability in the Oracle Web Services product of Oracle Fusion Middleware (component: SOAP with Attachments API for Java). The supported version that is affected is 12.2.1.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Web Services. While the vulnerability is in Oracle Web Services, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Web Services accessible data as well as unauthorized read access to a subset of Oracle Web Services accessible data. CVSS 3.0 Base Score 7.2 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N).\"},{\"lang\":\"es\",\"value\":\"Una vulnerabilidad en el producto Oracle Web Services de Oracle Fusion Middleware (componente: SOAP con API Attachments para Java). La versi\u00f3n compatible que est\u00e1 afectada es 12.2.1.3.0. Una vulnerabilidad f\u00e1cilmente explotable permite a un atacante no autenticado con acceso a la red por medio de HTTP comprometer a Oracle Web Services. Aunque la vulnerabilidad se encuentre en Oracle Web Services, los ataques pueden impactar significativamente a productos adicionales. Los ataques con \u00e9xito de esta vulnerabilidad pueden resultar en actualizar, insertar o eliminar de forma no autorizada el acceso a algunos de los datos accesibles de Oracle Web Services, as\u00ed como tambi\u00e9n el acceso de lectura no autorizado a un subconjunto de datos accesibles de Oracle Web Services. CVSS 3.0 Puntuaci\u00f3n Base 7.2 (Impactos de la Confidencialidad e Integridad). Vector CVSS: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N).\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N\",\"baseScore\":7.2,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"CHANGED\",\"confidentialityImpact\":\"LOW\",\"integrityImpact\":\"LOW\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":3.9,\"impactScore\":2.7}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:P/I:P/A:N\",\"baseScore\":6.4,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"NONE\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":10.0,\"impactScore\":4.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"NVD-CWE-noinfo\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:web_services:12.2.1.3.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"82CF8BE3-6E52-4E51-B3DD-87ECBC681611\"}]}]}],\"references\":[{\"url\":\"http://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html\",\"source\":\"secalert_us@oracle.com\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"http://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Vendor Advisory\"]}]}}",
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"http://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html\", \"tags\": [\"x_refsource_MISC\", \"x_transferred\"]}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2024-08-04T19:03:43.346Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2019-2907\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"yes\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2024-10-15T17:29:28.776021Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2024-10-15T18:15:18.699Z\"}}], \"cna\": {\"affected\": [{\"vendor\": \"Oracle Corporation\", \"product\": \"Web Services\", \"versions\": [{\"status\": \"affected\", \"version\": \"12.2.1.3.0\"}]}], \"references\": [{\"url\": \"http://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html\", \"tags\": [\"x_refsource_MISC\"]}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"Vulnerability in the Oracle Web Services product of Oracle Fusion Middleware (component: SOAP with Attachments API for Java). The supported version that is affected is 12.2.1.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Web Services. While the vulnerability is in Oracle Web Services, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Web Services accessible data as well as unauthorized read access to a subset of Oracle Web Services accessible data. CVSS 3.0 Base Score 7.2 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N).\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"text\", \"description\": \"Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Web Services.  While the vulnerability is in Oracle Web Services, attacks may significantly impact additional products.  Successful attacks of this vulnerability can result in  unauthorized update, insert or delete access to some of Oracle Web Services accessible data as well as  unauthorized read access to a subset of Oracle Web Services accessible data.\"}]}], \"providerMetadata\": {\"orgId\": \"43595867-4340-4103-b7a2-9a5208d29a85\", \"shortName\": \"oracle\", \"dateUpdated\": \"2019-10-16T17:40:54.000Z\"}, \"x_legacyV4Record\": {\"affects\": {\"vendor\": {\"vendor_data\": [{\"product\": {\"product_data\": [{\"version\": {\"version_data\": [{\"version_value\": \"12.2.1.3.0\", \"version_affected\": \"=\"}]}, \"product_name\": \"Web Services\"}]}, \"vendor_name\": \"Oracle Corporation\"}]}}, \"data_type\": \"CVE\", \"references\": {\"reference_data\": [{\"url\": \"http://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html\", \"name\": \"http://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html\", \"refsource\": \"MISC\"}]}, \"data_format\": \"MITRE\", \"description\": {\"description_data\": [{\"lang\": \"eng\", \"value\": \"Vulnerability in the Oracle Web Services product of Oracle Fusion Middleware (component: SOAP with Attachments API for Java). The supported version that is affected is 12.2.1.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Web Services. While the vulnerability is in Oracle Web Services, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Web Services accessible data as well as unauthorized read access to a subset of Oracle Web Services accessible data. CVSS 3.0 Base Score 7.2 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N).\"}]}, \"problemtype\": {\"problemtype_data\": [{\"description\": [{\"lang\": \"eng\", \"value\": \"Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Web Services.  While the vulnerability is in Oracle Web Services, attacks may significantly impact additional products.  Successful attacks of this vulnerability can result in  unauthorized update, insert or delete access to some of Oracle Web Services accessible data as well as  unauthorized read access to a subset of Oracle Web Services accessible data.\"}]}]}, \"data_version\": \"4.0\", \"CVE_data_meta\": {\"ID\": \"CVE-2019-2907\", \"STATE\": \"PUBLIC\", \"ASSIGNER\": \"secalert_us@oracle.com\"}}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2019-2907\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2024-10-15T18:49:46.591Z\", \"dateReserved\": \"2018-12-14T00:00:00.000Z\", \"assignerOrgId\": \"43595867-4340-4103-b7a2-9a5208d29a85\", \"datePublished\": \"2019-10-16T17:40:54.000Z\", \"assignerShortName\": \"oracle\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }
  }
}

GSD-2019-2907

Vulnerability from gsd - Updated: 2023-12-13 01:23

Details

Aliases

CVE-2019-2907

Aliases

CVE-2019-2907

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2019-2907",
    "description": "Vulnerability in the Oracle Web Services product of Oracle Fusion Middleware (component: SOAP with Attachments API for Java). The supported version that is affected is 12.2.1.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Web Services. While the vulnerability is in Oracle Web Services, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Web Services accessible data as well as unauthorized read access to a subset of Oracle Web Services accessible data. CVSS 3.0 Base Score 7.2 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N).",
    "id": "GSD-2019-2907"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2019-2907"
      ],
      "details": "Vulnerability in the Oracle Web Services product of Oracle Fusion Middleware (component: SOAP with Attachments API for Java). The supported version that is affected is 12.2.1.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Web Services. While the vulnerability is in Oracle Web Services, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Web Services accessible data as well as unauthorized read access to a subset of Oracle Web Services accessible data. CVSS 3.0 Base Score 7.2 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N).",
      "id": "GSD-2019-2907",
      "modified": "2023-12-13T01:23:45.017830Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "secalert_us@oracle.com",
        "ID": "CVE-2019-2907",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "Web Services",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "=",
                          "version_value": "12.2.1.3.0"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "Oracle Corporation"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Vulnerability in the Oracle Web Services product of Oracle Fusion Middleware (component: SOAP with Attachments API for Java). The supported version that is affected is 12.2.1.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Web Services. While the vulnerability is in Oracle Web Services, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Web Services accessible data as well as unauthorized read access to a subset of Oracle Web Services accessible data. CVSS 3.0 Base Score 7.2 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N)."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Web Services.  While the vulnerability is in Oracle Web Services, attacks may significantly impact additional products.  Successful attacks of this vulnerability can result in  unauthorized update, insert or delete access to some of Oracle Web Services accessible data as well as  unauthorized read access to a subset of Oracle Web Services accessible data."
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "http://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html",
            "refsource": "MISC",
            "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:oracle:web_services:12.2.1.3.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert_us@oracle.com",
          "ID": "CVE-2019-2907"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "Vulnerability in the Oracle Web Services product of Oracle Fusion Middleware (component: SOAP with Attachments API for Java). The supported version that is affected is 12.2.1.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Web Services. While the vulnerability is in Oracle Web Services, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Web Services accessible data as well as unauthorized read access to a subset of Oracle Web Services accessible data. CVSS 3.0 Base Score 7.2 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N)."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "NVD-CWE-noinfo"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html",
              "refsource": "MISC",
              "tags": [
                "Patch",
                "Vendor Advisory"
              ],
              "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "acInsufInfo": false,
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "NONE",
            "baseScore": 6.4,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N",
            "version": "2.0"
          },
          "exploitabilityScore": 10.0,
          "impactScore": 4.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": false
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 7.2,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N",
            "version": "3.1"
          },
          "exploitabilityScore": 3.9,
          "impactScore": 2.7
        }
      },
      "lastModifiedDate": "2019-10-18T15:23Z",
      "publishedDate": "2019-10-16T18:15Z"
    }
  }
}

FKIE_CVE-2019-2907

Vulnerability from fkie_nvd - Published: 2019-10-16 18:15 - Updated: 2024-11-21 04:41

Severity ?

7.2 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N

Summary

References

	URL	Tags
	secalert_us@oracle.com	http://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html	Patch, Vendor Advisory
	af854a3a-2127-422b-91ae-364da2661108	http://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html	Patch, Vendor Advisory

Impacted products

	Vendor	Product	Version
	oracle	web_services	12.2.1.3.0

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:oracle:web_services:12.2.1.3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "82CF8BE3-6E52-4E51-B3DD-87ECBC681611",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Vulnerability in the Oracle Web Services product of Oracle Fusion Middleware (component: SOAP with Attachments API for Java). The supported version that is affected is 12.2.1.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Web Services. While the vulnerability is in Oracle Web Services, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Web Services accessible data as well as unauthorized read access to a subset of Oracle Web Services accessible data. CVSS 3.0 Base Score 7.2 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N)."
    },
    {
      "lang": "es",
      "value": "Una vulnerabilidad en el producto Oracle Web Services de Oracle Fusion Middleware (componente: SOAP con API Attachments para Java). La versi\u00f3n compatible que est\u00e1 afectada es 12.2.1.3.0. Una vulnerabilidad f\u00e1cilmente explotable permite a un atacante no autenticado con acceso a la red por medio de HTTP comprometer a Oracle Web Services. Aunque la vulnerabilidad se encuentre en Oracle Web Services, los ataques pueden impactar significativamente a productos adicionales. Los ataques con \u00e9xito de esta vulnerabilidad pueden resultar en actualizar, insertar o eliminar de forma no autorizada el acceso a algunos de los datos accesibles de Oracle Web Services, as\u00ed como tambi\u00e9n el acceso de lectura no autorizado a un subconjunto de datos accesibles de Oracle Web Services. CVSS 3.0 Puntuaci\u00f3n Base 7.2 (Impactos de la Confidencialidad e Integridad). Vector CVSS: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N)."
    }
  ],
  "id": "CVE-2019-2907",
  "lastModified": "2024-11-21T04:41:46.920",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 6.4,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 4.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 7.2,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "NONE",
          "scope": "CHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 2.7,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2019-10-16T18:15:27.763",
  "references": [
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html"
    }
  ],
  "sourceIdentifier": "secalert_us@oracle.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-noinfo"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

CNVD-2019-39890

Vulnerability from cnvd - Published: 2019-11-10

Title

Oracle Fusion Middleware Web Services存在未明漏洞

Description

Oracle Fusion Middleware（Oracle融合中间件）是美国甲骨文（Oracle）公司的一套面向企业和云环境的业务创新平台。该平台提供了中间件、软件集合等功能。Web Services是其中的一个基于Web的应用程序间交互服务组件。 Oracle Fusion Middleware Web Services存在未明漏洞。攻击者可利用该漏洞未授权读取、更新、插入或删除数据，影响数据的保密性和完整性。

Severity

中

Patch Name

Oracle Fusion Middleware Web Services存在未明漏洞的补丁

Patch Description

Formal description

厂商已发布了漏洞修复程序，请及时关注更新： https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html

Reference

https://nvd.nist.gov/vuln/detail/CVE-2019-2907

Impacted products

Name
Oracle Oracle Fusion Middleware Web Services 12.2.1.3.0

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2019-2907",
      "cveUrl": "https://nvd.nist.gov/vuln/detail/CVE-2019-2907"
    }
  },
  "description": "Oracle Fusion Middleware\uff08Oracle\u878d\u5408\u4e2d\u95f4\u4ef6\uff09\u662f\u7f8e\u56fd\u7532\u9aa8\u6587\uff08Oracle\uff09\u516c\u53f8\u7684\u4e00\u5957\u9762\u5411\u4f01\u4e1a\u548c\u4e91\u73af\u5883\u7684\u4e1a\u52a1\u521b\u65b0\u5e73\u53f0\u3002\u8be5\u5e73\u53f0\u63d0\u4f9b\u4e86\u4e2d\u95f4\u4ef6\u3001\u8f6f\u4ef6\u96c6\u5408\u7b49\u529f\u80fd\u3002Web Services\u662f\u5176\u4e2d\u7684\u4e00\u4e2a\u57fa\u4e8eWeb\u7684\u5e94\u7528\u7a0b\u5e8f\u95f4\u4ea4\u4e92\u670d\u52a1\u7ec4\u4ef6\u3002\n\nOracle Fusion Middleware Web Services\u5b58\u5728\u672a\u660e\u6f0f\u6d1e\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u672a\u6388\u6743\u8bfb\u53d6\u3001\u66f4\u65b0\u3001\u63d2\u5165\u6216\u5220\u9664\u6570\u636e\uff0c\u5f71\u54cd\u6570\u636e\u7684\u4fdd\u5bc6\u6027\u548c\u5b8c\u6574\u6027\u3002",
  "formalWay": "\u5382\u5546\u5df2\u53d1\u5e03\u4e86\u6f0f\u6d1e\u4fee\u590d\u7a0b\u5e8f\uff0c\u8bf7\u53ca\u65f6\u5173\u6ce8\u66f4\u65b0\uff1a\r\nhttps://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2019-39890",
  "openTime": "2019-11-10",
  "patchDescription": "Oracle Fusion Middleware\uff08Oracle\u878d\u5408\u4e2d\u95f4\u4ef6\uff09\u662f\u7f8e\u56fd\u7532\u9aa8\u6587\uff08Oracle\uff09\u516c\u53f8\u7684\u4e00\u5957\u9762\u5411\u4f01\u4e1a\u548c\u4e91\u73af\u5883\u7684\u4e1a\u52a1\u521b\u65b0\u5e73\u53f0\u3002\u8be5\u5e73\u53f0\u63d0\u4f9b\u4e86\u4e2d\u95f4\u4ef6\u3001\u8f6f\u4ef6\u96c6\u5408\u7b49\u529f\u80fd\u3002Web Services\u662f\u5176\u4e2d\u7684\u4e00\u4e2a\u57fa\u4e8eWeb\u7684\u5e94\u7528\u7a0b\u5e8f\u95f4\u4ea4\u4e92\u670d\u52a1\u7ec4\u4ef6\u3002\r\n\r\nOracle Fusion Middleware Web Services\u5b58\u5728\u672a\u660e\u6f0f\u6d1e\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u672a\u6388\u6743\u8bfb\u53d6\u3001\u66f4\u65b0\u3001\u63d2\u5165\u6216\u5220\u9664\u6570\u636e\uff0c\u5f71\u54cd\u6570\u636e\u7684\u4fdd\u5bc6\u6027\u548c\u5b8c\u6574\u6027\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Oracle Fusion Middleware Web Services\u5b58\u5728\u672a\u660e\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": "Oracle Oracle Fusion Middleware Web Services 12.2.1.3.0"
  },
  "referenceLink": "https://nvd.nist.gov/vuln/detail/CVE-2019-2907",
  "serverity": "\u4e2d",
  "submitTime": "2019-10-23",
  "title": "Oracle Fusion Middleware Web Services\u5b58\u5728\u672a\u660e\u6f0f\u6d1e"
}

BDU:2019-04003

Vulnerability from fstec - Published: 15.10.2019

Title

Уязвимость подкомпонента SOAP with Attachments API for Java сервера приложений Oracle WebLogic Server программной платформы Oracle Fusion Middleware, позволяющая нарушителю получить несанкционированный доступ на чтение, изменение, добавление или удаление данных

Description

Уязвимость подкомпонента SOAP with Attachments API for Java сервера приложений Oracle WebLogic Server программной платформы Oracle Fusion Middleware связана с недостатками контроля доступа. Эксплуатация уязвимости может позволить нарушителю, действующему удалённо, получить несанкционированный доступ на чтение, изменение, добавление или удаление данных при помощи сетевого HTTP протокола

Severity ?


                    
                      AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N

Vendor

Oracle Corp.

Software Name

Fusion Middleware

Software Version

12.2.1.3.0 (Fusion Middleware)

Possible Mitigations

Использование рекомендаций: https://www.oracle.com/security-alerts/cpuoct2019.html

Reference

https://www.oracle.com/technetwork/topics/security/public-vuln-to-advisory-mapping-093627.html

CWE

CWE-284

JSON

To clipboard

{
  "CVSS 2.0": "AV:N/AC:L/Au:N/C:P/I:P/A:N",
  "CVSS 3.0": "AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N",
  "CVSS 4.0": null,
  "remediation_\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": null,
  "remediation_\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435": null,
  "\u0412\u0435\u043d\u0434\u043e\u0440 \u041f\u041e": "Oracle Corp.",
  "\u0412\u0435\u0440\u0441\u0438\u044f \u041f\u041e": "12.2.1.3.0 (Fusion Middleware)",
  "\u0412\u043e\u0437\u043c\u043e\u0436\u043d\u044b\u0435 \u043c\u0435\u0440\u044b \u043f\u043e \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044e": "\u0418\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0439:\nhttps://www.oracle.com/security-alerts/cpuoct2019.html",
  "\u0414\u0430\u0442\u0430 \u0432\u044b\u044f\u0432\u043b\u0435\u043d\u0438\u044f": "15.10.2019",
  "\u0414\u0430\u0442\u0430 \u043f\u043e\u0441\u043b\u0435\u0434\u043d\u0435\u0433\u043e \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f": "11.11.2019",
  "\u0414\u0430\u0442\u0430 \u043f\u0443\u0431\u043b\u0438\u043a\u0430\u0446\u0438\u0438": "11.11.2019",
  "\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": "BDU:2019-04003",
  "\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440\u044b \u0434\u0440\u0443\u0433\u0438\u0445 \u0441\u0438\u0441\u0442\u0435\u043c \u043e\u043f\u0438\u0441\u0430\u043d\u0438\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "CVE-2019-2907",
  "\u0418\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f \u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0430",
  "\u041a\u043b\u0430\u0441\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0430\u0440\u0445\u0438\u0442\u0435\u043a\u0442\u0443\u0440\u044b",
  "\u041d\u0430\u0437\u0432\u0430\u043d\u0438\u0435 \u041f\u041e": "Fusion Middleware",
  "\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u041e\u0421 \u0438 \u0442\u0438\u043f \u0430\u043f\u043f\u0430\u0440\u0430\u0442\u043d\u043e\u0439 \u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u044b": null,
  "\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043f\u043e\u0434\u043a\u043e\u043c\u043f\u043e\u043d\u0435\u043d\u0442\u0430 SOAP with Attachments API for Java \u0441\u0435\u0440\u0432\u0435\u0440\u0430 \u043f\u0440\u0438\u043b\u043e\u0436\u0435\u043d\u0438\u0439 Oracle WebLogic Server \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0439 \u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u044b Oracle Fusion\u00a0Middleware, \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u044e\u0449\u0430\u044f \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e \u043f\u043e\u043b\u0443\u0447\u0438\u0442\u044c \u043d\u0435\u0441\u0430\u043d\u043a\u0446\u0438\u043e\u043d\u0438\u0440\u043e\u0432\u0430\u043d\u043d\u044b\u0439 \u0434\u043e\u0441\u0442\u0443\u043f \u043d\u0430 \u0447\u0442\u0435\u043d\u0438\u0435, \u0438\u0437\u043c\u0435\u043d\u0435\u043d\u0438\u0435, \u0434\u043e\u0431\u0430\u0432\u043b\u0435\u043d\u0438\u0435 \u0438\u043b\u0438 \u0443\u0434\u0430\u043b\u0435\u043d\u0438\u0435 \u0434\u0430\u043d\u043d\u044b\u0445",
  "\u041d\u0430\u043b\u0438\u0447\u0438\u0435 \u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442\u0430": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
  "\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "\u041d\u0435\u043f\u0440\u0430\u0432\u0438\u043b\u044c\u043d\u044b\u0439 \u043a\u043e\u043d\u0442\u0440\u043e\u043b\u044c \u0434\u043e\u0441\u0442\u0443\u043f\u0430 (CWE-284)",
  "\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043f\u043e\u0434\u043a\u043e\u043c\u043f\u043e\u043d\u0435\u043d\u0442\u0430 SOAP with Attachments API for Java \u0441\u0435\u0440\u0432\u0435\u0440\u0430 \u043f\u0440\u0438\u043b\u043e\u0436\u0435\u043d\u0438\u0439 Oracle WebLogic Server \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0439 \u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u044b Oracle Fusion\u00a0Middleware \u0441\u0432\u044f\u0437\u0430\u043d\u0430 \u0441 \u043d\u0435\u0434\u043e\u0441\u0442\u0430\u0442\u043a\u0430\u043c\u0438 \u043a\u043e\u043d\u0442\u0440\u043e\u043b\u044f \u0434\u043e\u0441\u0442\u0443\u043f\u0430. \u042d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u043c\u043e\u0436\u0435\u0442 \u043f\u043e\u0437\u0432\u043e\u043b\u0438\u0442\u044c \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e, \u0434\u0435\u0439\u0441\u0442\u0432\u0443\u044e\u0449\u0435\u043c\u0443 \u0443\u0434\u0430\u043b\u0451\u043d\u043d\u043e, \u043f\u043e\u043b\u0443\u0447\u0438\u0442\u044c \u043d\u0435\u0441\u0430\u043d\u043a\u0446\u0438\u043e\u043d\u0438\u0440\u043e\u0432\u0430\u043d\u043d\u044b\u0439 \u0434\u043e\u0441\u0442\u0443\u043f \u043d\u0430 \u0447\u0442\u0435\u043d\u0438\u0435, \u0438\u0437\u043c\u0435\u043d\u0435\u043d\u0438\u0435, \u0434\u043e\u0431\u0430\u0432\u043b\u0435\u043d\u0438\u0435 \u0438\u043b\u0438 \u0443\u0434\u0430\u043b\u0435\u043d\u0438\u0435 \u0434\u0430\u043d\u043d\u044b\u0445 \u043f\u0440\u0438 \u043f\u043e\u043c\u043e\u0449\u0438 \u0441\u0435\u0442\u0435\u0432\u043e\u0433\u043e HTTP \u043f\u0440\u043e\u0442\u043e\u043a\u043e\u043b\u0430",
  "\u041f\u043e\u0441\u043b\u0435\u0434\u0441\u0442\u0432\u0438\u044f \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": null,
  "\u041f\u0440\u043e\u0447\u0430\u044f \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f": null,
  "\u0421\u0432\u044f\u0437\u044c \u0441 \u0438\u043d\u0446\u0438\u0434\u0435\u043d\u0442\u0430\u043c\u0438 \u0418\u0411": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
  "\u0421\u043e\u0441\u0442\u043e\u044f\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041e\u043f\u0443\u0431\u043b\u0438\u043a\u043e\u0432\u0430\u043d\u0430",
  "\u0421\u043f\u043e\u0441\u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044f": "\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f",
  "\u0421\u043f\u043e\u0441\u043e\u0431 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438": "\u041d\u0430\u0440\u0443\u0448\u0435\u043d\u0438\u0435 \u0430\u0432\u0442\u043e\u0440\u0438\u0437\u0430\u0446\u0438\u0438",
  "\u0421\u0441\u044b\u043b\u043a\u0438 \u043d\u0430 \u0438\u0441\u0442\u043e\u0447\u043d\u0438\u043a\u0438": "https://www.oracle.com/technetwork/topics/security/public-vuln-to-advisory-mapping-093627.html",
  "\u0421\u0442\u0430\u0442\u0443\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041f\u043e\u0434\u0442\u0432\u0435\u0440\u0436\u0434\u0435\u043d\u0430 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u0435\u043c",
  "\u0422\u0438\u043f \u041f\u041e": "\u041f\u041e \u0432\u0438\u0440\u0442\u0443\u0430\u043b\u0438\u0437\u0430\u0446\u0438\u0438/\u041f\u041e \u0432\u0438\u0440\u0442\u0443\u0430\u043b\u044c\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e-\u0430\u043f\u043f\u0430\u0440\u0430\u0442\u043d\u043e\u0433\u043e \u0441\u0440\u0435\u0434\u0441\u0442\u0432\u0430",
  "\u0422\u0438\u043f \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "CWE-284",
  "\u0423\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0421\u0440\u0435\u0434\u043d\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 2.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 6,4)\n\u0412\u044b\u0441\u043e\u043a\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 3.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 7,2)"
}

GHSA-47F8-2R49-J3HV

Vulnerability from github – Published: 2022-05-24 16:59 – Updated: 2024-04-04 02:29

Details

Severity ?

7.2 (High)


                  
                    CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2019-2907"
  ],
  "database_specific": {
    "cwe_ids": [],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2019-10-16T18:15:00Z",
    "severity": "HIGH"
  },
  "details": "Vulnerability in the Oracle Web Services product of Oracle Fusion Middleware (component: SOAP with Attachments API for Java). The supported version that is affected is 12.2.1.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Web Services. While the vulnerability is in Oracle Web Services, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Web Services accessible data as well as unauthorized read access to a subset of Oracle Web Services accessible data. CVSS 3.0 Base Score 7.2 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N).",
  "id": "GHSA-47f8-2r49-j3hv",
  "modified": "2024-04-04T02:29:27Z",
  "published": "2022-05-24T16:59:00Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-2907"
    },
    {
      "type": "WEB",
      "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N",
      "type": "CVSS_V3"
    }
  ]
}

Sightings

Author	Source	Type	Date	Other

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2019-2907 (GCVE-0-2019-2907)

GSD-2019-2907

FKIE_CVE-2019-2907

CNVD-2019-39890

BDU:2019-04003

GHSA-47F8-2R49-J3HV

Tags

Sightings

Nomenclature