CVE-2021-2062

🗓️ 20 Jan 2021 14:50:06Reported by oracleType

Vulnerability in Oracle BI Publisher product of Oracle Fusion Middleware, allows low privileged attacker to compromise via HTTP, impacting additional products, resulting in unauthorized access to critical data, and unauthorized data manipulation

Reporter	Title	Published	Views	Family All 14
BDU FSTEC	The vulnerability of the Web Server component of the Oracle BI Publisher software, which is used for creating reports, allows a malicious individual to gain unauthorized access to protected information or to read, modify, add, or delete data.	2 Feb 202100:00	–	bdu_fstec
Circl	CVE-2021-2062	20 Jan 202118:43	–	circl
CNNVD	Oracle Fusion Middleware 安全漏洞	19 Jan 202100:00	–	cnnvd
CNVD	Unspecified Vulnerability in Oracle BI Publisher (CNVD-2021-04812)	20 Jan 202100:00	–	cnvd
CVE	CVE-2021-2062	20 Jan 202114:50	–	cve
EUVD	EUVD-2021-16521	7 Oct 202500:30	–	euvd
NCSC	Vulnerabilities fixed in Oracle Fusion Middleware	21 Jan 202100:00	–	ncsc
NVD	CVE-2021-2062	20 Jan 202115:15	–	nvd
Oracle	Oracle Critical Patch Update Advisory - January 2021	19 Jan 202100:00	–	oracle
Tenable Nessus	Oracle Business Intelligence Publisher Multiple Vulnerabilities (Jan 2021 CPU)	10 Mar 202100:00	–	nessus

[
  {
    "product": "BI Publisher (formerly XML Publisher)",
    "vendor": "Oracle Corporation",
    "versions": [
      {
        "status": "affected",
        "version": "5.5.0.0.0"
      },
      {
        "status": "affected",
        "version": "11.1.1.9.0"
      },
      {
        "status": "affected",
        "version": "12.2.1.3.0"
      },
      {
        "status": "affected",
        "version": "12.2.1.4.0"
      }
    ]
  }
]

Source	Link
oracle	www.oracle.com/security-alerts/cpujan2021.html

20 Jan 2021 14:50Current

7.8High risk

Vulners AI Score7.8

CVSS 3.17.6

EPSS0.00922