Oracle BI Publisher Vulnerability Affects Confidentiality, Integrity, and Availability
CVE-2024-21254

8.8 HIGH

Key Information:

Vendor: Oracle
CVE Published: 15 October 2024

Summary

The vulnerability affects Oracle BI Publisher, a component of Oracle Analytics, specifically its web server capabilities. It allows a low-privileged attacker with network access via HTTP to gain unauthorized access. Because it is easy to exploit, it can lead to a full takeover of Oracle BI Publisher, which raises significant security concerns. The affected supported versions are 7.0.0.0.0, 7.6.0.0.0, and 12.2.1.4.0, so users of these products should give it immediate attention. The issue puts at risk the confidentiality, integrity, and availability of data managed by Oracle BI Publisher.

Affected Version(s)

Oracle BI Publisher 7.0.0.0.0

Oracle BI Publisher 7.6.0.0.0

Oracle BI Publisher 12.2.1.4.0

CVSS V3.1

Score: 8.8
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
