Przemyslaw Nowakowski

**Name of the Vulnerable Software and Affected Versions** Oracle Application Express versions 5.1 through 19.2 **Description** The issue is related to insufficient input validation in the Oracle Application Express component of Oracle Database Server. It allows a low-privileged attacker with a valid user account and network access via HTTP to compromise Oracle Application Express. Successful attacks require human interaction from a person other than the attacker and can result in unauthorized update, insert, or delete access to some of Oracle Application Express's accessible data, as well as unauthorized read access to a subset of Oracle Application Express's accessible data. **Recommendations** For versions 5.1 through 19.2, update to a version that includes the fix for this issue. At the moment, there is no information about a newer version that contains a fix for this vulnerability.