Jang Laptop

**Name of the Vulnerable Software and Affected Versions** Oracle BI Publisher versions 5.5.0.0.0 through 12.2.1.4.0 **Description** The issue is related to insufficient input validation in the Oracle BI Publisher component of Oracle Fusion Middleware, specifically in the E-Business Suite - XDO reporting tools. This can be exploited by a remote attacker to gain unauthorized access to protected information via the HTTP protocol. Successful attacks may result in unauthorized access to critical data or complete access to all accessible data. **Recommendations** For versions 5.5.0.0.0, 11.1.1.9.0, 12.2.1.3.0, and 12.2.1.4.0, consider restricting access to the Oracle BI Publisher component until a patch is available. As a temporary workaround, consider disabling the use of HTTP protocol for Oracle BI Publisher until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Oracle BI Publisher versions 5.5.0.0.0, 11.1.1.9.0, 12.2.1.3.0, 12.2.1.4.0 **Description** The issue is related to insufficient input validation in the Oracle BI Publisher product, allowing an unauthenticated attacker with network access via HTTP to compromise the system. Successful attacks can result in unauthorized read access to a subset of Oracle BI Publisher accessible data. **Recommendations** For versions 5.5.0.0.0, 11.1.1.9.0, 12.2.1.3.0, and 12.2.1.4.0, update to a version that includes the fix for this issue to prevent unauthorized access. At the moment, there is no information about a newer version that contains a fix for this vulnerability.