PT-2025-29607 · Oracle · Oracle Rest Data Services

Juttikhun Jirathanan

Publicado

2025-07-15

Atualizado

2025-07-25

CVE-2025-30756

CVSS v2.0

6.4

Média

Vetor

AV:N/AC:L/Au:N/C:P/I:P/A:N

Name of the Vulnerable Software and Affected Versions Oracle REST Data Services version 24.2.0

Description An easily exploitable issue exists in Oracle REST Data Services that allows an unauthenticated attacker with network access via HTTP to compromise the service. Successful attacks require human interaction from a person other than the attacker. Exploitation may significantly impact additional products. Successful attacks can result in unauthorized update, insert, or delete access to some data, as well as unauthorized read access to a subset of data accessible through Oracle REST Data Services.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

CSRF

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-352

Identificadores relacionados

BDU:2025-08638

CVE-2025-30756

Produtos afetados

Oracle Rest Data Services

PT-2025-29607 · Oracle · Oracle Rest Data Services

CVE-2025-30756

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 6