Oracle · Oracle REST Data Services · CVE-2020-14744
Name of the Vulnerable Software and Affected Versions:
Oracle REST Data Services versions 11.2.0.4 through 19c
Standalone ORDS versions prior to 20.2.1
Description:
The issue stems from errors in the security mechanisms of the General component of Oracle REST Data Services. A low-privileged attacker with network access via HTTP can exploit it. Successful exploitation can result in unauthorized access to critical data or complete access to all data accessible to Oracle REST Data Services.
Recommendations:
For Oracle REST Data Services versions 11.2.0.4 through 19c, update to a version later than 19c or apply the necessary patch.
For Standalone ORDS versions prior to 20.2.1, update to version 20.2.1 or later.