Oracle JDeveloper DoS (July 2025 CPU)

The version of Oracle JDeveloper installed on the remote host is missing a security patch. It is, therefore, affected by denial of service vulnerability as referenced in the July 2025 CPU advisory. - Vulnerability in the Oracle JDeveloper product of Oracle Fusion Middleware component: ADF Apache...

VulnCheck KEV: CVE-2013-3827

Unspecified vulnerability in the Oracle GlassFish Server component in Oracle Fusion Middleware 2.1.1, 3.0.1, and 3.1.2; the Oracle JDeveloper component in Oracle Fusion Middleware 11.1.2.3.0, 11.1.2.4.0, and 12.1.2.0.0; and the Oracle WebLogic Server component in Oracle Fusion Middleware 10.3.6.0...

CVE-2019-2899

Vulnerability in the Oracle JDeveloper and ADF product of Oracle Fusion Middleware component: OAM. Supported versions that are affected are 11.1.1.9.0, 11.1.2.4.0, 12.1.3.0.0 and 12.2.1.3.0. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromis...

Oracle JDeveloper DoS (April 2025 CPU)

The version of Oracle JDeveloper installed on the remote host is missing a security patch. It is, therefore, affected by denial of service vulnerability as referenced in the April 2025 CPU advisory. - Vulnerability in the Oracle JDeveloper product of Oracle Fusion Middleware component: Generic...

CVE-2019-2904

Vulnerability in the Oracle JDeveloper and ADF product of Oracle Fusion Middleware component: ADF Faces. Supported versions that are affected are 11.1.1.9.0, 12.1.3.0.0 and 12.2.1.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Orac...

Oracle ADF Faces Deserialization of Untrusted Data Vulnerability

Oracle ADF Faces library, included with Oracle JDeveloper Distribution, contains a deserialization of untrusted data vulnerability leading to unauthenticated remote code execution...

Oracle JDeveloper DoS (July 2024 CPU)

The version of Oracle JDeveloper installed on the remote host is missing a security patch. It is, therefore, affected by denial of service vulnerability as referenced in the July 2024 CPU advisory. Vulnerability in the Oracle JDeveloper product of Oracle Fusion Middleware component: Oracle...

Oracle JDeveloper Multiple Vulnerabilities (January 2024 CPU)

The version of Oracle JDeveloper installed on the remote host is missing a security patch. It is, therefore, affected by multiple vulnerabilities as referenced in the January 2024 CPU advisory. - Vulnerability in the Oracle JDeveloper product of Oracle Fusion Middleware component: Oracle JDevelop...

VulnCheck KEV: CVE-2022-21445

Oracle ADF Faces library, included with Oracle JDeveloper Distribution, contains a deserialization of untrusted data vulnerability leading to unauthenticated remote code execution...

Oracle JDeveloper Information Disclosure (July 2023 CPU)

The version of Oracle JDeveloper installed on the remote host is missing a security patch. It is, therefore, affected by an information disclosure vulnerability as referenced in the July 2023 CPU advisory. The vulnerability is in the Oracle JDeveloper product of Oracle Fusion Middleware component...

Oracle JDeveloper Information Disclosure (April 2023 CPU)

The version of Oracle JDeveloper installed on the remote host is missing a security patch. It is, therefore, affected by an information disclosure vulnerability as referenced in the April 2023 CPU advisory. Vulnerability in the Oracle JDeveloper product of Oracle Fusion Middleware component: ADF...

Oracle JDeveloper Multiple Vulnerabilities (April 2022 CPU)

The version of Oracle JDeveloper installed on the remote host is missing a security patch. It is, therefore, affected by multiple vulnerabilities as referenced in the April 2022 CPU advisory: - Vulnerability in the Oracle JDeveloper product of Oracle Fusion Middleware component: Oracle JDeveloper...

CVE-2022-21445

Vulnerability in the Oracle Application Development Framework ADF product of Oracle Fusion Middleware component: ADF Faces. Supported versions that are affected are 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromi...

Design/Logic Flaw

Vulnerability in the Oracle JDeveloper product of Oracle Fusion Middleware component: ADF Faces. Supported versions that are affected are 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle JDeveloper...

CVE-2022-21445

CVE-2022-21445 is a vulnerability in the Oracle Application Development Framework (ADF Faces) within Oracle Fusion Middleware. Affected are the JDeveloper-distributed ADF components for versions 12.2.1.3.0 and 12.2.1.4.0. The vulnerability allows unauthenticated, network-accessible attackers to e...

CVE-2022-21445

...

Oracle JDeveloper XXE (July 2021 CPU)

The version of Oracle JDeveloper installed on the remote host is prior to 12.2.1.4.0. It is, therefore, affected by multiple vulnerabilities as referenced in the July 2021 CPU advisory: - Vulnerability in the Essbase product of Oracle Essbase component: Infrastructure Apache Commons Compress. The...

Oracle JDeveloper XSS (October 2020 CPU)

The version of Oracle JDeveloper installed on the remote host is missing a security patch. It is, therefore, affected by a cross-site scripting XSS vulnerability in the ADF Faces jQuery component. An unauthenticated, remote attacker can exploit this issue to compromise Oracle JDeveloper. Successf...

Vulnerabilities fixed in Oracle Fusion Middleware

Oracle has fixed vulnerabilities in the following Oracle Fusion Middleware products: JDeveloper HTTP Server Identity Manager Connector Business Intelligence Enterprise Edition WebLogic Server The vulnerabilities allow an unauthenticated malicious person with network access to the vulnerable syste...

Oracle JDeveloper ADF Faces Insecure Deserialization (CVE-2019-2904)

An insecure deserialization vulnerability exists in Oracle JDeveloper ADF Faces. This vulnerability is due to insufficient validation of HTTP requests...