Kush Jijania

**Name of the Vulnerable Software and Affected Versions** Oracle Utilities Application Framework versions 4.4.0.3.0 through 4.5.0.2.0 Oracle Utilities Application Framework versions 25.4 and 25.10 **Description** A flaw exists within the Oracle Utilities Application Framework component of Oracle Utilities Applications. This issue allows a low-privileged attacker with network access via HTTP to compromise the application. Exploitation requires interaction from a user other than the attacker. While the vulnerability resides in Oracle Utilities Application Framework, successful attacks may impact other products. Successful exploitation can lead to unauthorized data modification (update, insert, or delete) and unauthorized data access (read) within Oracle Utilities Application Framework. **Recommendations** Update Oracle Utilities Application Framework version 4.4.0.3.0 to a newer, fixed version. Update Oracle Utilities Application Framework version 4.5.0.0.0 to a newer, fixed version. Update Oracle Utilities Application Framework version 4.5.0.1.1 to a newer, fixed version. Update Oracle Utilities Application Framework version 4.5.0.1.3 to a newer, fixed version. Update Oracle Utilities Application Framework version 4.5.0.2.0 to a newer, fixed version. Update Oracle Utilities Application Framework version 25.4 to a newer, fixed version. Update Oracle Utilities Application Framework version 25.10 to a newer, fixed version.

**Name of the Vulnerable Software and Affected Versions** Oracle Application Express versions 23.2 through 24.1 **Description** The issue is related to insufficient input validation in the General component of Oracle Application Express. It allows a low-privileged attacker with network access via HTTP to compromise Oracle Application Express, potentially impacting additional products. Successful attacks can result in unauthorized update, insert, or delete access to some of Oracle Application Express's accessible data, as well as unauthorized read access to a subset of Oracle Application Express's accessible data. **Recommendations** For versions 23.2 and 24.1, update to a version that includes the fix for this issue. At the moment, there is no information about a newer version that contains a fix for this vulnerability.