Bi Publisher Security Vulnerabilities and Issues — Bi Publisher CVE List

Lucene search

OracleBi Publisher

34 matches found

CVE•added 2019/04/20 12:29 a.m.•2189 views

CVE-2019-11358

jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution. If an unsanitized source object contained an enumerable proto property, it could extend the native Object.prototype.

6.1CVSS6.4AI score0.02394EPSS

CVE•added 2017/04/17 9:59 p.m.•517 views

CVE-2017-5645

In Apache Log4j 2.x before 2.8.2, when using the TCP socket server or UDP socket server to receive serialized log events from another application, a specially crafted binary payload can be sent that, when deserialized, can execute arbitrary code.

9.8CVSS9.5AI score0.94013EPSS

CVE•added 2021/03/23 12:15 a.m.•329 views

CVE-2021-21346

XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.16, there is a vulnerability which may allow a remote attacker to load and execute arbitrary code from a remote host only by manipulating the processed input stream. No user is affected, who followed...

9.8CVSS8.3AI score0.03899EPSS

CVE•added 2019/11/08 3:15 p.m.•230 views

CVE-2019-10219

A vulnerability was found in Hibernate-Validator. The SafeHtml validator annotation fails to properly sanitize payloads consisting of potentially malicious code in HTML comments and instructions. This vulnerability can result in an XSS attack.

6.5CVSS6AI score0.01915EPSS

CVE•added 2019/07/23 11:15 p.m.•128 views

CVE-2019-2767

Vulnerability in the BI Publisher (formerly XML Publisher) component of Oracle Fusion Middleware (subcomponent: BI Publisher Security). The supported version that is affected are 11.1.1.9.0, 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network acc...

7.2CVSS6.2AI score0.53446EPSS

CVE•added 2023/01/18 12:15 a.m.•101 views

CVE-2023-21846

Vulnerability in the Oracle BI Publisher product of Oracle Fusion Middleware (component: Security). Supported versions that are affected are 5.9.0.0.0, 6.4.0.0.0 and 12.2.1.4.0. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise ...

8.8CVSS8.3AI score0.00559EPSS

CVE•added 2022/01/19 12:15 p.m.•97 views

CVE-2022-21346

Vulnerability in the Oracle BI Publisher product of Oracle Fusion Middleware (component: BI Publisher Security). Supported versions that are affected are 5.5.0.0.0, 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise...

7.5CVSS7.1AI score0.03861EPSS

CVE•added 2024/04/16 10:15 p.m.•85 views

CVE-2024-21082

Vulnerability in the Oracle BI Publisher product of Oracle Analytics (component: XML Services). Supported versions that are affected are 7.0.0.0.0 and 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle BI Publisher. Success...

9.8CVSS7.4AI score0.00544EPSS

CVE•added 2022/07/19 10:15 p.m.•74 views

CVE-2022-21523

Vulnerability in the Oracle BI Publisher product of Oracle Fusion Middleware (component: BI Publisher Security). Supported versions that are affected are 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle BI P...

4.3CVSS3.8AI score0.00362EPSS

CVE•added 2023/01/18 12:15 a.m.•72 views

CVE-2023-21832

8.8CVSS8.3AI score0.00559EPSS

CVE•added 2021/07/21 3:15 p.m.•70 views

CVE-2021-2400

Vulnerability in the Oracle BI Publisher product of Oracle Fusion Middleware (component: E-Business Suite - XDO). Supported versions that are affected are 5.5.0.0.0, 11.1.1.9.0, 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP ...

7.5CVSS7.1AI score0.32418EPSS

CVE•added 2022/10/18 9:15 p.m.•70 views

CVE-2022-21590

Vulnerability in the Oracle BI Publisher product of Oracle Fusion Middleware (component: Core Formatting API). Supported versions that are affected are 5.9.0.0, 6.4.0.0.0, 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to comp...

7.6CVSS7.4AI score0.00183EPSS

CVE•added 2024/04/16 10:15 p.m.•62 views

CVE-2024-21083

Vulnerability in the Oracle BI Publisher product of Oracle Analytics (component: Script Engine). Supported versions that are affected are 7.0.0.0.0 and 12.2.1.4.0. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle BI Publisher. Succes...

7.2CVSS7.8AI score0.00265EPSS

CVE•added 2024/04/16 10:15 p.m.•58 views

CVE-2024-21084

Vulnerability in the Oracle BI Publisher product of Oracle Analytics (component: Service Gateway). Supported versions that are affected are 7.0.0.0.0 and 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle BI Publisher. Whil...

5.8CVSS5.8AI score0.00189EPSS

CVE•added 2021/07/21 3:15 p.m.•57 views

CVE-2021-2392

Vulnerability in the Oracle BI Publisher product of Oracle Fusion Middleware (component: BI Publisher Security). Supported versions that are affected are 5.5.0.0.0, 11.1.1.9.0, 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to...

9CVSS8.2AI score0.02621EPSS

CVE•added 2021/07/21 3:15 p.m.•56 views

CVE-2021-2391

Vulnerability in the Oracle BI Publisher product of Oracle Fusion Middleware (component: Scheduler). Supported versions that are affected are 5.5.0.0.0, 11.1.1.9.0, 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise ...

9CVSS8.3AI score0.0924EPSS

CVE•added 2023/04/18 8:15 p.m.•56 views

CVE-2023-21970

Vulnerability in the Oracle BI Publisher product of Oracle Analytics (component: Security). The supported version that is affected is 6.4.0.0.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle BI Publisher. Successful attacks require...

5.7CVSS5AI score0.00305EPSS

CVE•added 2021/07/21 3:15 p.m.•54 views

CVE-2021-2401

5.3CVSS4.4AI score0.17017EPSS

CVE•added 2023/10/17 10:15 p.m.•53 views

CVE-2023-22105

Vulnerability in the BI Publisher product of Oracle Analytics (component: Web Server). Supported versions that are affected are 6.4.0.0.0 and 7.0.0.0.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise BI Publisher. Successful attacks requir...

5.4CVSS4.9AI score0.00098EPSS

CVE•added 2021/07/21 3:15 p.m.•51 views

CVE-2021-2396

Vulnerability in the Oracle BI Publisher product of Oracle Fusion Middleware (component: E-Business Suite - XDO). Supported versions that are affected are 5.5.0.0.0, 11.1.1.9.0, 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP t...

9CVSS8.3AI score0.0924EPSS

CVE•added 2025/04/15 9:16 p.m.•49 views

CVE-2025-30724

Vulnerability in the Oracle BI Publisher product of Oracle Analytics (component: XML Services). Supported versions that are affected are 7.6.0.0.0 and 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle BI Publisher. Success...

7.5CVSS6.9AI score0.00055EPSS

CVE•added 2025/04/15 9:16 p.m.•48 views

CVE-2025-30723

Vulnerability in the Oracle BI Publisher product of Oracle Analytics (component: XML Services). Supported versions that are affected are 7.6.0.0.0 and 12.2.1.4.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle BI Publisher. Successf...

5.4CVSS4.8AI score0.00053EPSS

CVE•added 2019/10/16 6:15 p.m.•46 views

CVE-2019-2898

Vulnerability in the BI Publisher (formerly XML Publisher) product of Oracle Fusion Middleware (component: BI Publisher Security). Supported versions that are affected are 11.1.1.9.0, 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vulnerability allows low privileged attacker with network access via ...

4.3CVSS4AI score0.00302EPSS

CVE•added 2020/07/15 6:15 p.m.•45 views

CVE-2020-14571

Vulnerability in the Oracle BI Publisher product of Oracle Fusion Middleware (component: Mobile Service). Supported versions that are affected are 11.1.1.9.0, 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracl...

7.2CVSS6.6AI score0.00823EPSS

CVE•added 2020/07/15 6:15 p.m.•45 views

CVE-2020-14584

Vulnerability in the Oracle BI Publisher product of Oracle Fusion Middleware (component: BI Publisher Security). Supported versions that are affected are 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle BI ...

8.2CVSS8.3AI score0.03174EPSS

CVE•added 2023/04/18 8:15 p.m.•45 views

CVE-2023-21941

Vulnerability in the Oracle BI Publisher product of Oracle Analytics (component: Web Server). Supported versions that are affected are 6.4.0.0.0 and 12.2.1.4.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle BI Publisher. Successful...

4.3CVSS3.4AI score0.00271EPSS

CVE•added 2019/07/23 11:15 p.m.•44 views

CVE-2019-2768

Vulnerability in the BI Publisher (formerly XML Publisher) component of Oracle Fusion Middleware (subcomponent: BI Publisher Security). The supported version that is affected is 11.1.1.9.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise B...

7.5CVSS7AI score0.01684EPSS

CVE•added 2019/07/23 11:15 p.m.•44 views

CVE-2019-2771

Vulnerability in the BI Publisher (formerly XML Publisher) component of Oracle Fusion Middleware (subcomponent: BI Publisher Security). Supported versions that are affected are 11.1.1.9.0 and 12.2.1.3.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to...

8.2CVSS7.3AI score0.00218EPSS

CVE•added 2020/07/15 6:15 p.m.•42 views

CVE-2020-14570

7.1CVSS7.1AI score0.02011EPSS

CVE•added 2020/07/15 6:15 p.m.•42 views

CVE-2020-14585

8.2CVSS8.3AI score0.02913EPSS

CVE•added 2024/01/16 10:15 p.m.•40 views

CVE-2024-20987

Vulnerability in the Oracle BI Publisher product of Oracle Analytics (component: Web Server). The supported version that is affected is 12.2.1.4.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle BI Publisher. Successful attacks requ...

5.4CVSS4.9AI score0.00215EPSS

CVE•added 2024/10/15 8:15 p.m.•40 views

CVE-2024-21195

Vulnerability in the Oracle BI Publisher product of Oracle Analytics (component: Layout Templates). Supported versions that are affected are 7.0.0.0.0, 7.6.0.0.0 and 12.2.1.4.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle BI Publ...

7.6CVSS7.1AI score0.00189EPSS

CVE•added 2024/01/16 10:15 p.m.•37 views

CVE-2024-20979

Vulnerability in the Oracle BI Publisher product of Oracle Analytics (component: Web Server). Supported versions that are affected are 6.4.0.0.0, 7.0.0.0.0 and 12.2.1.4.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle BI Publisher....

5.4CVSS4.8AI score0.00188EPSS

CVE•added 2024/10/15 8:15 p.m.•37 views

CVE-2024-21254

Vulnerability in the Oracle BI Publisher product of Oracle Analytics (component: Web Server). Supported versions that are affected are 7.0.0.0.0, 7.6.0.0.0 and 12.2.1.4.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle BI Publisher....

8.8CVSS8.4AI score0.00373EPSS