PT-2025-16436 · Oracle · Oracle Database Server
Published 2025-04-15 · Updated 2025-06-26 · CVE-2025-30702
CVSS v3.1: 5.3 (Medium)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Name of the Vulnerable Software and Affected Versions
Oracle Database Server versions 19.3 through 19.26
Description
The issue affects the Fleet Patching and Provisioning component of Oracle Database Server, allowing an unauthenticated attacker with network access via HTTP to compromise it. Successful attacks can result in unauthorized read access to a subset of Fleet Patching and Provisioning accessible data.
Recommendations
For versions 19.3 through 19.26, update to a version that includes a fix for this issue to prevent unauthorized read access.
As a temporary workaround, consider restricting access to the Fleet Patching and Provisioning component until a patch is available.
Fix
Information Disclosure
Affected Products
Oracle Database Server