Oracle Application Express General Vulnerability Allowing Data Manipulation and Unauthorized Access

Vulnerability

A vulnerability has been identified in Oracle Application Express, specifically in versions 23.2 and 24.1. This easily exploitable issue allows a low-privileged attacker with network access via HTTP to compromise Oracle Application Express. Successful exploitation requires human interaction from someone other than the attacker. While the vulnerability resides within Oracle Application Express, its effects may extend to other products, leading to a scope change. Exploitation of this vulnerability could result in unauthorized updates, inserts, or deletions of data accessible through Oracle Application Express, as well as unauthorized read access to certain subsets of that data.

Impact

Exploitation of this vulnerability could allow for unauthorized data manipulation (updates, inserts, deletions) and unauthorized read access to some data within Oracle Application Express.

Added: Jun 9, 2025, 7:46 PM

Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread

6.2

impact

1.3

exploitability

5.0

remediation

0.0

relevance

0.0

threat

0.0

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

6.2

impact

1.3

exploitability

5.0

remediation

0.0

relevance

0.0

threat

0.0

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Oracle Application Express General Vulnerability Allowing Data Manipulation and Unauthorized Access

Vulnerability

Impact

Affected Products

Oracle Application Express

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating