CVE-2026-21931
BaseFortify
Publication date: 2026-01-20
Last updated on: 2026-01-29
Assigner: Oracle
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: | |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| oracle | apex | 23.2.0 |
| oracle | apex | 23.2.1 |
| oracle | apex | 24.1.0 |
| oracle | apex | 24.2.1 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-NVD-CWE-noinfo | |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability exists in the Oracle APEX Sample Applications, specifically in the Brookstrut Sample App component. It affects certain supported versions (23.2.0, 23.2.1, 24.1.0, 24.2.0, and 24.2.1). A low privileged attacker with network access via HTTP can exploit this vulnerability, but successful exploitation requires human interaction from someone other than the attacker. The vulnerability can lead to unauthorized update, insert, or delete access, as well as unauthorized read access to some data accessible by Oracle APEX Sample Applications. The scope of impact may extend beyond just the sample applications.
How can this vulnerability impact me?
If exploited, this vulnerability can allow an attacker to perform unauthorized actions such as updating, inserting, or deleting data, and reading some data within Oracle APEX Sample Applications. This can compromise the confidentiality and integrity of the data, potentially affecting additional products due to scope change. The attack requires network access and some user interaction, but can lead to significant unauthorized data manipulation and disclosure.