CVE-2019-2484

Name of the Vulnerable Software and Affected Versions Oracle Database Server Application Express versions 5.1 and 18.2

Description The issue is related to insufficient access control in the Application Express component, allowing a low-privileged attacker with a valid account and network access via HTTP to compromise Application Express. Successful attacks require human interaction and can result in unauthorized update, insert, or delete access to some Application Express accessible data, as well as unauthorized read access to a subset of Application Express accessible data. The vulnerability can significantly impact additional products.

Recommendations For version 5.1, update to a version that includes the fix for this issue. For version 18.2, update to a version that includes the fix for this issue. As a temporary workaround, consider restricting access to the Application Express component to minimize the risk of exploitation.