Unauthorized Access Vulnerability in Oracle BI Publisher by Oracle
CVE-2021-2062

7.6HIGH

Key Information:

Vendor: Oracle
Status: Bi Publisher (formerly Xml Publisher)
Vendor: CVE Published:; 20 January 2021

Summary

An exploitable vulnerability exists in Oracle BI Publisher, part of Oracle Fusion Middleware’s web server component, which allows an attacker with low privileges to compromise the product. Successful exploitation requires human interaction from a victim but can lead to unauthorized access to sensitive data and potentially allow attackers to update, insert or delete data within the affected Oracle BI Publisher instances. This vulnerability can have far-reaching impacts, affecting additional connected products and services.

Affected Version(s)

BI Publisher (formerly XML Publisher) 5.5.0.0.0

BI Publisher (formerly XML Publisher) 11.1.1.9.0

BI Publisher (formerly XML Publisher) 12.2.1.3.0

References

https://www.oracle.com/security-alerts/cpujan2021.html

x_refsource_MISC

CVSS V3.1

Score:

7.6

Severity:

HIGH

Confidentiality:

High

Integrity:

Low

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Jan 20, 2021
Vulnerability Reserved
Dec 9, 2020