Oracle Business Intelligence Publisher (October 2012 CPU)

According to the self-reported version of the Remote Oracle Business Intelligence Publisher install, it is missing the October 2012 Critical Patch Update. It is, therefore, affected by multiple reflected cross-site scripting vulnerabilities and an XML eXternal Entity XXE injection vulnerability...

CVE-2012-3193

CVE-2012-3193 affects Oracle BI Publisher within Oracle Fusion Middleware 10.3.4.2, 11.1.1.5.0, 11.1.1.6.0, and 11.1.1.6.2, enabling remote authenticated users to impact confidentiality through unknown admin-related vectors. The NVD entry records a low-severity (CVSSv2 base 3.5) issue with networ...