PT-2019-16464 · Oracle · Oracle Bi Publisher+1

Published

2019-07-23

Updated

2020-08-24

CVE-2019-2742

CVSS v3.1

7.2

High

Vector

AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions Oracle Fusion Middleware versions 11.1.1.9.0

Description The issue affects the Oracle BI Publisher component, specifically the Web Service API subcomponent. It allows an unauthenticated attacker with network access via HTTP to compromise Oracle BI Publisher. Successful attacks can result in unauthorized access to Oracle BI Publisher data, including update, insert, or delete access to some data and read access to a subset of data.

Recommendations For version 11.1.1.9.0, update to a version that includes the fix for this issue to prevent unauthorized access to Oracle BI Publisher data. As a temporary workaround, consider restricting access to the Web Service API to minimize the risk of exploitation.

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

CVE-2019-2742

Affected Products

Oracle Bi Publisher

Oracle Fusion Middleware

PT-2019-16464 · Oracle · Oracle Bi Publisher+1

CVE-2019-2742

Related Identifiers

Affected Products

References · 3