Lucene search
+L
OracleBi Publisher

36 matches found

CVE
CVE
added 2019/04/19 12:0 a.m.3116 views

CVE-2019-11358

CVE-2019-11358 is a prototype pollution vulnerability in jQuery (before 3.4.0) where mishandling of extend(true, {}, ...) can extend Object.prototype if an unsanitized source object has an enumerable proto property. The Core issue is triggered when a polluted prototype is introduced via nested ob...

6.1CVSS6.4AI score0.87218EPSS
In wild
CVE
CVE
added 2017/04/17 9:0 p.m.609 views

CVE-2017-5645

CVE-2017-5645 affects Apache Log4j 2.x prior to 2.8.2. The vulnerability arises when using a TCP/UDP socket server to receive serialized log events from another application; a crafted binary payload can be deserialized to execute arbitrary code. The documented impact is remote code execution via ...

9.8CVSS9.5AI score0.8904EPSS
CVE
CVE
added 2021/03/22 11:40 p.m.427 views

CVE-2021-21346

XStream (Java XML serialization library) has CVE-2021-21346 among a set of 2021-04x vulnerabilities. The issue affects XStream prior to 1.4.16 where processing input streams can lead to remote code execution or related impacts if exploitation occurs, with mitigations including enabling the Securi...

9.8CVSS8.3AI score0.76367EPSS
CVE
CVE
added 2019/11/08 2:46 p.m.301 views

CVE-2019-10219

The CVE-2019-10219 entry affects Hibernate Validator: SafeHtml validator annotation fails to sanitize HTML comments/instructions, enabling XSS in affected code paths. Affected CP4S versions are 1.7.2.0, 1.8.0.0, and 1.8.1.0. Remediation is to upgrade to Cloud Pak for Security 1.9.0.0 per IBM guid...

6.5CVSS6AI score0.02167EPSS
CVE
CVE
added 2019/07/23 10:31 p.m.170 views

CVE-2019-2767

CVE-2019-2767 – Oracle BI Publisher (XML Publisher) XML External Entity Injection : The vulnerability affects Oracle Fusion Middleware’s BI Publisher component (subcomponent BI Publisher Security) versions 11.1.1.9.0, 12.2.1.3.0, and 12.2.1.4.0. It is exploitable over HTTP without authentication,...

7.2CVSS6.2AI score0.05238EPSS
CVE
CVE
added 2023/01/17 11:35 p.m.117 views

CVE-2023-21846

CVE-2023-21846 affects Oracle BI Publisher (Security component) in Oracle Fusion Middleware. Affects: Oracle BI Publisher versions 5.9.0.0.0, 6.4.0.0.0 and 12.2.1.4.0. Description across sources states an easily exploitable vulnerability that allows a low-privileged attacker with network access v...

8.8CVSS8.3AI score0.00631EPSS
CVE
CVE
added 2022/01/19 11:25 a.m.110 views

CVE-2022-21346

This CVE affects Oracle BI Publisher (BI Publisher Security) within Oracle Fusion Middleware. Affected versions include 5.5.0.0.0, 12.2.1.3.0, and 12.2.1.4.0. The issue is exploitable by an unauthenticated attacker over HTTP, potentially leading to unauthorized access to data across Oracle BI Pub...

7.5CVSS7.1AI score0.02169EPSS
CVE
CVE
added 2024/04/16 9:26 p.m.104 views

CVE-2024-21082

CVE-2024-21082 affects Oracle BI Publisher (Oracle Analytics), specifically the XML Services component. Affected versions are 7.0.0.0.0 and 12.2.1.4.0. The root cause is insufficient input validation in XML Services, enabling an unauthenticated attacker with network access via HTTP to compromise ...

9.8CVSS7.4AI score0.00807EPSS
CVE
CVE
added 2023/01/17 11:35 p.m.91 views

CVE-2023-21832

CVE-2023-21832 affects Oracle BI Publisher (Oracle Fusion Middleware Security). Vulnerable in affected versions: 5.9.0.0.0, 6.4.0.0.0, and 12.2.1.4.0. Public sources consistently describe it as an easily exploitable, network-access vulnerability with the potential for takeover of Oracle BI Publis...

8.8CVSS8.3AI score0.00631EPSS
CVE
CVE
added 2022/07/19 9:7 p.m.89 views

CVE-2022-21523

CVE-2022-21523 affects Oracle Fusion Middleware's Oracle BI Publisher (BI Publisher Security). Affected versions are 12.2.1.3.0 and 12.2.1.4.0. The vulnerability allows a low-privileged attacker with network access via HTTP to read a subset of Oracle BI Publisher data. The CVSS base score is 4.3 ...

4.3CVSS3.8AI score0.00592EPSS
CVE
CVE
added 2022/10/18 12:0 a.m.87 views

CVE-2022-21590

CVE-2022-21590 affects Oracle BI Publisher (Core Formatting API) in Oracle Fusion Middleware. Affected versions: 5.9.0.0, 6.4.0.0.0, 12.2.1.3.0, 12.2.1.4.0. The vulnerability allows a low-privilege, network-accessible attacker (via HTTP) to read or modify data and cause a partial denial of servic...

7.6CVSS7.4AI score0.00645EPSS
CVE
CVE
added 2021/07/20 10:44 p.m.85 views

CVE-2021-2400

CVE-2021-2400 affects Oracle BI Publisher within Oracle Fusion Middleware (E-Business Suite - XDO). Affected versions are 5.5.0.0.0, 11.1.1.9.0, 12.2.1.3.0 and 12.2.1.4.0. The vulnerability allows an unauthenticated, network-accessible attacker (via HTTP) to compromise BI Publisher and potentiall...

7.5CVSS7.1AI score0.83298EPSS
CVE
CVE
added 2024/04/16 9:26 p.m.77 views

CVE-2024-21083

CVE-2024-21083 affects Oracle Analytics, Oracle BI Publisher, Script Engine component. Affected versions: 7.0.0.0.0 and 12.2.1.4.0. The vulnerability allows a high-privilege attacker with network access over HTTP to compromise Oracle BI Publisher, potentially taking over the product. Sources cons...

7.2CVSS7.8AI score0.00684EPSS
CVE
CVE
added 2021/07/20 10:44 p.m.76 views

CVE-2021-2391

CVE-2021-2391 applies to Oracle BI Publisher (Fusion Middleware Scheduler). Affected products/versions include Oracle BI Publisher 5.5.0.0.0, 11.1.1.9.0, 12.2.1.3.0 and 12.2.1.4.0. The vulnerability allows a low-privilege, unauthenticated or lightly authenticated attacker with network access via ...

9CVSS8.3AI score0.34677EPSS
CVE
CVE
added 2024/04/16 9:26 p.m.75 views

CVE-2024-21084

CVE-2024-21084 affects Oracle BI Publisher (Oracle Analytics) in the Service Gateway component for versions 7.0.0.0.0 and 12.2.1.4.0. An unauthenticated attacker with network access via HTTP can read data from Oracle BI Publisher; attacks may impact related products (scope change). The descriptio...

5.8CVSS5.8AI score0.00437EPSS
CVE
CVE
added 2021/07/20 10:44 p.m.73 views

CVE-2021-2392

CVE-2021-2392 affects Oracle BI Publisher Security in Oracle Fusion Middleware. Affected: BI Publisher 5.5.0.0.0, 11.1.1.9.0, 12.2.1.3.0, 12.2.1.4.0. The vulnerability allows a low-privileged attacker with network access over HTTP to compromise Oracle BI Publisher, potentially leading to takeover...

9CVSS8.2AI score0.03119EPSS
CVE
CVE
added 2023/04/18 7:54 p.m.72 views

CVE-2023-21970

The CVE-2023-21970 vulnerability affects Oracle BI Publisher (Oracle Analytics) with component Security, version 6.4.0.0.0. It is exploitable over HTTP by a low-privileged attacker and requires user interaction; successful exploitation can grant unauthorized access to Oracle BI Publisher data. CV...

5.7CVSS5AI score0.00575EPSS
CVE
CVE
added 2021/07/20 10:44 p.m.71 views

CVE-2021-2401

CVE-2021-2401 affects Oracle BI Publisher in Oracle Fusion Middleware (component: E-Business Suite - XDO). Affected versions: 5.5.0.0.0, 11.1.1.9.0, 12.2.1.3.0, and 12.2.1.4.0. The vulnerability allows an unauthenticated, network-accessible attacker (via HTTP) to read a subset of Oracle BI Publis...

5.3CVSS4.4AI score0.8482EPSS
CVE
CVE
added 2025/04/15 8:31 p.m.70 views

CVE-2025-30724

CVE-2025-30724 is a confirmed vulnerability affecting Oracle BI Publisher (Oracle Analytics, XML Services). Affected versions are 7.6.0.0.0 and 12.2.1.4.0. The issue allows an unauthenticated attacker, over HTTP, to compromise Oracle BI Publisher and potentially obtain unauthorized access to crit...

7.5CVSS6.9AI score0.0041EPSS
CVE
CVE
added 2019/07/23 10:31 p.m.68 views

CVE-2019-2768

CVE-2019-2768 affects Oracle Fusion Middleware BI Publisher (XML Publisher) Security, specifically the BI Publisher component, in version 11.1.1.9.0. The vulnerability allows an unauthenticated, network-based attacker to access BI Publisher data via HTTP, potentially leading to unauthorized acces...

7.5CVSS7AI score0.01758EPSS
In wild
CVE
CVE
added 2021/07/20 10:44 p.m.67 views

CVE-2021-2396

CVE-2021-2396 is a documented vulnerability in Oracle BI Publisher (Oracle Fusion Middleware, E-Business Suite - XDO). Affected are versions 5.5.0.0.0, 11.1.1.9.0, 12.2.1.3.0 and 12.2.1.4.0. The issue allows a low-privileged attacker with network access over HTTP to compromise Oracle BI Publisher...

9CVSS8.3AI score0.35713EPSS
CVE
CVE
added 2023/10/17 9:3 p.m.67 views

CVE-2023-22105

Oracle BI Publisher in Oracle Analytics (Web Server component) is affected by CVE-2023-22105 for versions 6.4.0.0.0 and 7.0.0.0.0. The issue allows a low-privileged, network-access attacker (via HTTP) to compromise BI Publisher, with required user interaction, potentially leading to unauthorized ...

5.4CVSS4.9AI score0.00341EPSS
CVE
CVE
added 2025/04/15 8:31 p.m.65 views

CVE-2025-30723

CVE-2025-30723 affects Oracle BI Publisher (XML Services) in Oracle Analytics for versions 7.6.0.0.0 and 12.2.1.4.0. The issue allows a low-privileged attacker with network access via HTTP to perform unauthorized updates/inserts/deletes on Oracle BI Publisher data and may enable partial denial of...

5.4CVSS4.8AI score0.0031EPSS
CVE
CVE
added 2020/07/15 5:34 p.m.61 views

CVE-2020-14571

CVE-2020-14571 affects Oracle BI Publisher (Mobile Service), part of Oracle Fusion Middleware. Affected versions are 11.1.1.9.0, 12.2.1.3.0 and 12.2.1.4.0. The vulnerability allows an unauthenticated, remote attacker over HTTP to compromise BI Publisher, potentially enabling unauthorized update/i...

7.2CVSS6.6AI score0.01218EPSS
CVE
CVE
added 2024/01/16 9:41 p.m.61 views

CVE-2024-20979

Oracle BI Publisher (Oracle Analytics) contains CVE-2024-20979 affecting Web Server component. Affected versions: 6.4.0.0.0, 7.0.0.0.0, and 12.2.1.4.0. The vulnerability is exploitable over HTTP with network access by a low-privileged user and user interaction is required. Impact includes potenti...

5.4CVSS4.8AI score0.00269EPSS
CVE
CVE
added 2023/04/18 7:54 p.m.60 views

CVE-2023-21941

CVE-2023-21941 affects Oracle BI Publisher (Oracle Analytics) Web Server component. Affected versions are 6.4.0.0.0 and 12.2.1.4.0. The vulnerability allows a low-privilege, network-accessing attacker over HTTP to obtain unauthorized read access to a subset of Oracle BI Publisher data. CVSS 3.1 b...

4.3CVSS3.4AI score0.00481EPSS
CVE
CVE
added 2024/10/15 7:52 p.m.60 views

CVE-2024-21195

CVE-2024-21195 affects Oracle BI Publisher (Oracle Analytics) - Layout Templates. Affected: 7.0.0.0.0, 7.6.0.0.0, 12.2.1.4.0. Root cause: insufficient input validation in Layout Templates. Risk: remote, network-accessible via HTTP, low privileges; may result in unauthorized data access, data modi...

7.6CVSS7.1AI score0.00426EPSS
CVE
CVE
added 2019/07/23 10:31 p.m.59 views

CVE-2019-2771

CVE-2019-2771 affects Oracle BI Publisher (XML Publisher) within Oracle Fusion Middleware, specifically the BI Publisher Security subcomponent. Affected versions listed are 11.1.1.9.0 and 12.2.1.3.0. The vulnerability is described as easily exploitable with network access via HTTP by a low-privil...

8.2CVSS7.3AI score0.00959EPSS
CVE
CVE
added 2019/10/16 5:40 p.m.58 views

CVE-2019-2898

Oracle BI Publisher (Fusion Middleware) is affected by CVE-2019-2898 in the BI Publisher Security component. Affected versions: 11.1.1.9.0, 12.2.1.3.0, 12.2.1.4.0. The vulnerability allows a low-privilege attacker with network access via HTTP to read a subset of BI Publisher data. No explicit rem...

4.3CVSS4AI score0.0096EPSS
CVE
CVE
added 2020/07/15 5:34 p.m.58 views

CVE-2020-14585

CVE-2020-14585 affects Oracle BI Publisher (Mobile Service) in Oracle Fusion Middleware, specifically versions 11.1.1.9.0, 12.2.1.3.0, and 12.2.1.4.0. The vulnerability is described as easily exploitable with network access via HTTP, allowing an unauthenticated attacker (with user interaction req...

8.2CVSS8.3AI score0.01384EPSS
CVE
CVE
added 2020/07/15 5:34 p.m.56 views

CVE-2020-14570

CVE-2020-14570 affects Oracle BI Publisher (Mobile Service) in Oracle Fusion Middleware. Affected versions are 11.1.1.9.0, 12.2.1.3.0 and 12.2.1.4.0. The vulnerability allows an unauthenticated attacker with network access via HTTP to compromise BI Publisher, with human interaction required for e...

7.1CVSS7.1AI score0.01432EPSS
CVE
CVE
added 2020/07/15 5:34 p.m.56 views

CVE-2020-14584

CVE-2020-14584 affects Oracle BI Publisher (Oracle Fusion Middleware) for versions 12.2.1.3.0 and 12.2.1.4.0. The vulnerability in the BI Publisher Security component allows an unauthenticated attacker, with network access over HTTP, to compromise data; successful access can lead to unauthorized ...

8.2CVSS8.3AI score0.01384EPSS
CVE
CVE
added 2024/01/16 9:41 p.m.55 views

CVE-2024-20987

CVE-2024-20987 affects Oracle BI Publisher Web Server (Oracle Analytics). Version 12.2.1.4.0 is vulnerable due to insufficient input validation in the Web Server component. An unauthenticated attacker with network access over HTTP, requiring user interaction, can lead to unauthorized update/inser...

5.4CVSS4.9AI score0.00308EPSS
CVE
CVE
added 2024/10/15 7:52 p.m.52 views

CVE-2024-21254

CVE-2024-21254 affects Oracle Analytics’ Oracle BI Publisher Web Server component (and concerns Layout Templates) with versions 7.0.0.0.0, 7.6.0.0.0 and 12.2.1.4.0. The flaw allows a low-privileged, network-accessing attacker over HTTP to compromise Oracle BI Publisher, potentially takeover the p...

8.8CVSS8.4AI score0.00504EPSS
CVE
CVE
added 2025/07/15 7:27 p.m.24 views

CVE-2025-50060

CVE-2025-50060 affects Oracle BI Publisher (Web Server) in Oracle Analytics. Affected versions: 7.6.0.0.0, 8.2.0.0.0, 12.2.1.4.0. The vulnerability allows a low‑privileged, unauthenticated attacker with network access via HTTP to compromise BI Publisher, enabling unauthorized creation/deletion/mo...

8.1CVSS7.1AI score0.00258EPSS
CVE
CVE
added 2025/10/21 8:3 p.m.22 views

CVE-2025-61754

The CVE-2025-61754 entry affects Oracle BI Publisher (Web Service API) within Oracle Analytics. Affected versions are 7.6.0.0.0 and 8.2.0.0.0. The vulnerability is exploitable over HTTP by a low-privilege attacker with network access, potentially leading to unauthorized access to Oracle BI Publis...

6.5CVSS5.6AI score0.00311EPSS