Oracle APEX Sample Applications Brookstrut Sample App Vulnerability Allowing Unauthorized Data Access and Modification

A vulnerability exists in the Oracle APEX Sample Applications, specifically in the Brookstrut Sample App component. Affected versions include 23.2.0, 23.2.1, 24.1.0, 24.2.0, and 24.2.1. This vulnerability allows a low-privileged attacker with network access via HTTP to compromise the Oracle APEX Sample Applications. Exploitation requires human interaction from someone other than the attacker. While the vulnerability is contained within the Oracle APEX Sample Applications, successful attacks could significantly impact additional products. Exploitation of this vulnerability could lead to unauthorized access to update, insert, or delete some data within the Oracle APEX Sample Applications, as well as unauthorized read access to a subset of accessible data.

Impact

Exploitation allows for unauthorized modification and deletion of data, as well as unauthorized read access to certain data within the Oracle APEX Sample Applications.