In addition, it is possible to conduct SQL injection attacks. It is also possible to bypass access restriction mechanisms (e.g., try anonymous connections). If user credentials are not necessary for exploiting this vulnerability, then this can be exploited by administrators. Exploitation of this vulnerability results in unauthorized access to Oracle JDeveloper.

Mitigation

For Oracle JDeveloper users, it is recommended to update to the latest version. For administrators, it is recommended to review Oracle JDeveloper configuration and access control settings.

Vulnerable versions

The following versions are vulnerable to this issue:

12.2.1.3.0
12.2.1.4.0
12.2.1.5.0
12.2.1.5.1
12.2.1.6.0
12.2.1.6.1
12.2.1.6.2
12.2.1.7.0
12.2.1.7.1
12.2.1.7.2
12.2.1.7.3
12.2.1.7.4

How to determine which version of Oracle JDeveloper is installed?

To determine which version of Oracle JDeveloper is installed, log in to the JDeveloper console and go to Tools > Java Control Panel.

Vulnerability details

So, what does this vulnerability entail? Users must have "viewdata" permission for a database that uses the Oracle JDeveloper SQL interface. The only way to exploit this vulnerability is if your user account has write access permissions for the database.

Timeline

Published on: 04/19/2022 21:15:00 UTC
Last modified on: 04/28/2022 13:17:00 UTC

References