Security Vulnerability in Oracle BI Publisher of Oracle Analytics
CVE-2023-21970

5.7MEDIUM

Key Information:

Vendor: Oracle
Status: Bi Publisher (formerly Xml Publisher)
Vendor: CVE Published:; 18 April 2023

What is CVE-2023-21970?

A vulnerability exists in the Oracle BI Publisher component of Oracle Analytics that can be exploited by a low privileged attacker with network access via HTTP. This vulnerability allows unauthorized access to sensitive data and could lead to complete access to all data accessible through Oracle BI Publisher. Successful exploitation requires human interaction from an individual other than the attacker, raising concerns about data confidentiality and access control. Organizations must take precautionary measures to mitigate such risks and protect sensitive information.

Affected Version(s)

BI Publisher (formerly XML Publisher) 6.4.0.0.0

References

https://www.oracle.com/security-alerts/cpuapr2023.html

vendor-advisory

CVSS V3.1

Score:

5.7

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 18, 2023
Vulnerability Reserved
Dec 17, 2022