Oracle Fusion Middleware - BI Publisher Vulnerability
CVE-2020-14879

8.5HIGH

Key Information:

Vendor: Oracle
Status: Bi Publisher (formerly Xml Publisher)
Vendor: CVE Published:; 21 October 2020

Summary

The BI Publisher component of Oracle Fusion Middleware contains a vulnerability that can be easily exploited by low-privileged attackers with network access via HTTP. Although specifically within BI Publisher, exploitation of this vulnerability can have far-reaching consequences, impacting not just the BI Publisher but potentially other associated products. Attackers leveraging this flaw may gain unauthorized access to sensitive data, and they might be able to perform unauthorized updates, inserts, or deletions on accessible data within BI Publisher, threatening data confidentiality and integrity.

Affected Version(s)

BI Publisher (formerly XML Publisher) 5.5.0.0.0

BI Publisher (formerly XML Publisher) 11.1.1.9.0

BI Publisher (formerly XML Publisher) 12.2.1.3.0

References

https://www.oracle.com/security-alerts/cpuoct2020.html

x_refsource_MISC

CVSS V3.1

Score:

8.5

Severity:

HIGH

Confidentiality:

High

Integrity:

Low

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Changed

Timeline

Vulnerability published
Oct 21, 2020
Vulnerability Reserved
Jun 19, 2020