Vulnerability in Oracle BI Publisher Affects Oracle Analytics Products
CVE-2024-21195

7.6HIGH

Key Information:

Vendor: Oracle
Status: Oracle Bi Publisher
Vendor: CVE Published:; 15 October 2024

Summary

The vulnerability in Oracle BI Publisher, part of Oracle Analytics, allows a low-privileged attacker with network access through HTTP to exploit the system. This easily exploitable vulnerability can lead to unauthorized access to sensitive data and the ability to perform updates, inserts, or deletions on accessible data. Additionally, attackers can potentially cause a partial denial of service (DOS) of Oracle BI Publisher, impacting its availability. The affected versions include Oracle BI Publisher 7.0.0.0.0, 7.6.0.0.0, and 12.2.1.4.0, highlighting significant security implications for users of these software versions.

Affected Version(s)

Oracle BI Publisher 7.0.0.0.0

Oracle BI Publisher 7.6.0.0.0

Oracle BI Publisher 12.2.1.4.0

References

https://www.oracle.com/security-alerts/cpuoct2024.html

vendor-advisory

CVSS V3.1

Score:

7.6

Severity:

HIGH

Confidentiality:

High

Integrity:

Low

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Oct 15, 2024
Vulnerability Reserved
Dec 7, 2023