Oracle Fusion Middleware - BI Publisher Vulnerability
CVE-2020-14879

8.5HIGH

Key Information:

Vendor: Oracle
Status: Bi Publisher (formerly Xml Publisher)
Vendor: CVE Published:; 21 October 2020

What is CVE-2020-14879?

The BI Publisher component of Oracle Fusion Middleware contains a vulnerability that can be easily exploited by low-privileged attackers with network access via HTTP. Although specifically within BI Publisher, exploitation of this vulnerability can have far-reaching consequences, impacting not just the BI Publisher but potentially other associated products. Attackers leveraging this flaw may gain unauthorized access to sensitive data, and they might be able to perform unauthorized updates, inserts, or deletions on accessible data within BI Publisher, threatening data confidentiality and integrity.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

BI Publisher (formerly XML Publisher) 5.5.0.0.0

BI Publisher (formerly XML Publisher) 11.1.1.9.0

BI Publisher (formerly XML Publisher) 12.2.1.3.0

References

https://www.oracle.com/security-alerts/cpuoct2020.html

x_refsource_MISC

CVSS V3.1

Score:

8.5

Severity:

HIGH

Confidentiality:

High

Integrity:

Low

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Changed

Timeline

Vulnerability published
Oct 21, 2020
Vulnerability Reserved
Jun 19, 2020

JSON

Oracle