36 matches found
CVE-2019-11358
CVE-2019-11358 is a prototype pollution vulnerability in jQuery (before 3.4.0) where mishandling of extend(true, {}, ...) can extend Object.prototype if an unsanitized source object has an enumerable proto property. The Core issue is triggered when a polluted prototype is introduced via nested ob...
CVE-2017-5645
CVE-2017-5645 affects Apache Log4j 2.x prior to 2.8.2. The vulnerability arises when using a TCP/UDP socket server to receive serialized log events from another application; a crafted binary payload can be deserialized to execute arbitrary code. The documented impact is remote code execution via ...
CVE-2021-21346
XStream (Java XML serialization library) has CVE-2021-21346 among a set of 2021-04x vulnerabilities. The issue affects XStream prior to 1.4.16 where processing input streams can lead to remote code execution or related impacts if exploitation occurs, with mitigations including enabling the Securi...
CVE-2019-10219
The CVE-2019-10219 entry affects Hibernate Validator: SafeHtml validator annotation fails to sanitize HTML comments/instructions, enabling XSS in affected code paths. Affected CP4S versions are 1.7.2.0, 1.8.0.0, and 1.8.1.0. Remediation is to upgrade to Cloud Pak for Security 1.9.0.0 per IBM guid...
CVE-2019-2767
CVE-2019-2767 – Oracle BI Publisher (XML Publisher) XML External Entity Injection : The vulnerability affects Oracle Fusion Middleware’s BI Publisher component (subcomponent BI Publisher Security) versions 11.1.1.9.0, 12.2.1.3.0, and 12.2.1.4.0. It is exploitable over HTTP without authentication,...
CVE-2023-21846
CVE-2023-21846 affects Oracle BI Publisher (Security component) in Oracle Fusion Middleware. Affects: Oracle BI Publisher versions 5.9.0.0.0, 6.4.0.0.0 and 12.2.1.4.0. Description across sources states an easily exploitable vulnerability that allows a low-privileged attacker with network access v...
CVE-2022-21346
This CVE affects Oracle BI Publisher (BI Publisher Security) within Oracle Fusion Middleware. Affected versions include 5.5.0.0.0, 12.2.1.3.0, and 12.2.1.4.0. The issue is exploitable by an unauthenticated attacker over HTTP, potentially leading to unauthorized access to data across Oracle BI Pub...
CVE-2024-21082
CVE-2024-21082 affects Oracle BI Publisher (Oracle Analytics), specifically the XML Services component. Affected versions are 7.0.0.0.0 and 12.2.1.4.0. The root cause is insufficient input validation in XML Services, enabling an unauthenticated attacker with network access via HTTP to compromise ...
CVE-2023-21832
CVE-2023-21832 affects Oracle BI Publisher (Oracle Fusion Middleware Security). Vulnerable in affected versions: 5.9.0.0.0, 6.4.0.0.0, and 12.2.1.4.0. Public sources consistently describe it as an easily exploitable, network-access vulnerability with the potential for takeover of Oracle BI Publis...
CVE-2022-21523
CVE-2022-21523 affects Oracle Fusion Middleware's Oracle BI Publisher (BI Publisher Security). Affected versions are 12.2.1.3.0 and 12.2.1.4.0. The vulnerability allows a low-privileged attacker with network access via HTTP to read a subset of Oracle BI Publisher data. The CVSS base score is 4.3 ...
CVE-2022-21590
CVE-2022-21590 affects Oracle BI Publisher (Core Formatting API) in Oracle Fusion Middleware. Affected versions: 5.9.0.0, 6.4.0.0.0, 12.2.1.3.0, 12.2.1.4.0. The vulnerability allows a low-privilege, network-accessible attacker (via HTTP) to read or modify data and cause a partial denial of servic...
CVE-2021-2400
CVE-2021-2400 affects Oracle BI Publisher within Oracle Fusion Middleware (E-Business Suite - XDO). Affected versions are 5.5.0.0.0, 11.1.1.9.0, 12.2.1.3.0 and 12.2.1.4.0. The vulnerability allows an unauthenticated, network-accessible attacker (via HTTP) to compromise BI Publisher and potentiall...
CVE-2024-21083
CVE-2024-21083 affects Oracle Analytics, Oracle BI Publisher, Script Engine component. Affected versions: 7.0.0.0.0 and 12.2.1.4.0. The vulnerability allows a high-privilege attacker with network access over HTTP to compromise Oracle BI Publisher, potentially taking over the product. Sources cons...
CVE-2021-2391
CVE-2021-2391 applies to Oracle BI Publisher (Fusion Middleware Scheduler). Affected products/versions include Oracle BI Publisher 5.5.0.0.0, 11.1.1.9.0, 12.2.1.3.0 and 12.2.1.4.0. The vulnerability allows a low-privilege, unauthenticated or lightly authenticated attacker with network access via ...
CVE-2024-21084
CVE-2024-21084 affects Oracle BI Publisher (Oracle Analytics) in the Service Gateway component for versions 7.0.0.0.0 and 12.2.1.4.0. An unauthenticated attacker with network access via HTTP can read data from Oracle BI Publisher; attacks may impact related products (scope change). The descriptio...
CVE-2021-2392
CVE-2021-2392 affects Oracle BI Publisher Security in Oracle Fusion Middleware. Affected: BI Publisher 5.5.0.0.0, 11.1.1.9.0, 12.2.1.3.0, 12.2.1.4.0. The vulnerability allows a low-privileged attacker with network access over HTTP to compromise Oracle BI Publisher, potentially leading to takeover...
CVE-2023-21970
The CVE-2023-21970 vulnerability affects Oracle BI Publisher (Oracle Analytics) with component Security, version 6.4.0.0.0. It is exploitable over HTTP by a low-privileged attacker and requires user interaction; successful exploitation can grant unauthorized access to Oracle BI Publisher data. CV...
CVE-2021-2401
CVE-2021-2401 affects Oracle BI Publisher in Oracle Fusion Middleware (component: E-Business Suite - XDO). Affected versions: 5.5.0.0.0, 11.1.1.9.0, 12.2.1.3.0, and 12.2.1.4.0. The vulnerability allows an unauthenticated, network-accessible attacker (via HTTP) to read a subset of Oracle BI Publis...
CVE-2025-30724
CVE-2025-30724 is a confirmed vulnerability affecting Oracle BI Publisher (Oracle Analytics, XML Services). Affected versions are 7.6.0.0.0 and 12.2.1.4.0. The issue allows an unauthenticated attacker, over HTTP, to compromise Oracle BI Publisher and potentially obtain unauthorized access to crit...
CVE-2019-2768
CVE-2019-2768 affects Oracle Fusion Middleware BI Publisher (XML Publisher) Security, specifically the BI Publisher component, in version 11.1.1.9.0. The vulnerability allows an unauthenticated, network-based attacker to access BI Publisher data via HTTP, potentially leading to unauthorized acces...
CVE-2021-2396
CVE-2021-2396 is a documented vulnerability in Oracle BI Publisher (Oracle Fusion Middleware, E-Business Suite - XDO). Affected are versions 5.5.0.0.0, 11.1.1.9.0, 12.2.1.3.0 and 12.2.1.4.0. The issue allows a low-privileged attacker with network access over HTTP to compromise Oracle BI Publisher...
CVE-2023-22105
Oracle BI Publisher in Oracle Analytics (Web Server component) is affected by CVE-2023-22105 for versions 6.4.0.0.0 and 7.0.0.0.0. The issue allows a low-privileged, network-access attacker (via HTTP) to compromise BI Publisher, with required user interaction, potentially leading to unauthorized ...
CVE-2025-30723
CVE-2025-30723 affects Oracle BI Publisher (XML Services) in Oracle Analytics for versions 7.6.0.0.0 and 12.2.1.4.0. The issue allows a low-privileged attacker with network access via HTTP to perform unauthorized updates/inserts/deletes on Oracle BI Publisher data and may enable partial denial of...
CVE-2020-14571
CVE-2020-14571 affects Oracle BI Publisher (Mobile Service), part of Oracle Fusion Middleware. Affected versions are 11.1.1.9.0, 12.2.1.3.0 and 12.2.1.4.0. The vulnerability allows an unauthenticated, remote attacker over HTTP to compromise BI Publisher, potentially enabling unauthorized update/i...
CVE-2024-20979
Oracle BI Publisher (Oracle Analytics) contains CVE-2024-20979 affecting Web Server component. Affected versions: 6.4.0.0.0, 7.0.0.0.0, and 12.2.1.4.0. The vulnerability is exploitable over HTTP with network access by a low-privileged user and user interaction is required. Impact includes potenti...
CVE-2023-21941
CVE-2023-21941 affects Oracle BI Publisher (Oracle Analytics) Web Server component. Affected versions are 6.4.0.0.0 and 12.2.1.4.0. The vulnerability allows a low-privilege, network-accessing attacker over HTTP to obtain unauthorized read access to a subset of Oracle BI Publisher data. CVSS 3.1 b...
CVE-2024-21195
CVE-2024-21195 affects Oracle BI Publisher (Oracle Analytics) - Layout Templates. Affected: 7.0.0.0.0, 7.6.0.0.0, 12.2.1.4.0. Root cause: insufficient input validation in Layout Templates. Risk: remote, network-accessible via HTTP, low privileges; may result in unauthorized data access, data modi...
CVE-2019-2771
CVE-2019-2771 affects Oracle BI Publisher (XML Publisher) within Oracle Fusion Middleware, specifically the BI Publisher Security subcomponent. Affected versions listed are 11.1.1.9.0 and 12.2.1.3.0. The vulnerability is described as easily exploitable with network access via HTTP by a low-privil...
CVE-2019-2898
Oracle BI Publisher (Fusion Middleware) is affected by CVE-2019-2898 in the BI Publisher Security component. Affected versions: 11.1.1.9.0, 12.2.1.3.0, 12.2.1.4.0. The vulnerability allows a low-privilege attacker with network access via HTTP to read a subset of BI Publisher data. No explicit rem...
CVE-2020-14585
CVE-2020-14585 affects Oracle BI Publisher (Mobile Service) in Oracle Fusion Middleware, specifically versions 11.1.1.9.0, 12.2.1.3.0, and 12.2.1.4.0. The vulnerability is described as easily exploitable with network access via HTTP, allowing an unauthenticated attacker (with user interaction req...
CVE-2020-14570
CVE-2020-14570 affects Oracle BI Publisher (Mobile Service) in Oracle Fusion Middleware. Affected versions are 11.1.1.9.0, 12.2.1.3.0 and 12.2.1.4.0. The vulnerability allows an unauthenticated attacker with network access via HTTP to compromise BI Publisher, with human interaction required for e...
CVE-2020-14584
CVE-2020-14584 affects Oracle BI Publisher (Oracle Fusion Middleware) for versions 12.2.1.3.0 and 12.2.1.4.0. The vulnerability in the BI Publisher Security component allows an unauthenticated attacker, with network access over HTTP, to compromise data; successful access can lead to unauthorized ...
CVE-2024-20987
CVE-2024-20987 affects Oracle BI Publisher Web Server (Oracle Analytics). Version 12.2.1.4.0 is vulnerable due to insufficient input validation in the Web Server component. An unauthenticated attacker with network access over HTTP, requiring user interaction, can lead to unauthorized update/inser...
CVE-2024-21254
CVE-2024-21254 affects Oracle Analytics’ Oracle BI Publisher Web Server component (and concerns Layout Templates) with versions 7.0.0.0.0, 7.6.0.0.0 and 12.2.1.4.0. The flaw allows a low-privileged, network-accessing attacker over HTTP to compromise Oracle BI Publisher, potentially takeover the p...
CVE-2025-50060
CVE-2025-50060 affects Oracle BI Publisher (Web Server) in Oracle Analytics. Affected versions: 7.6.0.0.0, 8.2.0.0.0, 12.2.1.4.0. The vulnerability allows a low‑privileged, unauthenticated attacker with network access via HTTP to compromise BI Publisher, enabling unauthorized creation/deletion/mo...
CVE-2025-61754
The CVE-2025-61754 entry affects Oracle BI Publisher (Web Service API) within Oracle Analytics. Affected versions are 7.6.0.0.0 and 8.2.0.0.0. The vulnerability is exploitable over HTTP by a low-privilege attacker with network access, potentially leading to unauthorized access to Oracle BI Publis...