CVE-2019-2771

Name of the Vulnerable Software and Affected Versions Oracle Fusion Middleware versions 11.1.1.9.0 and 12.2.1.3.0

Description The issue affects the BI Publisher component of Oracle Fusion Middleware, allowing a low-privileged attacker with network access via HTTP to compromise BI Publisher. Successful attacks require human interaction from a person other than the attacker and may significantly impact additional products. This can result in unauthorized creation, deletion, or modification access to critical data, unauthorized read access to a subset of BI Publisher accessible data, and unauthorized ability to cause a partial denial of service of BI Publisher.

Recommendations For version 11.1.1.9.0, update to a version that includes a fix for this issue. For version 12.2.1.3.0, update to a version that includes a fix for this issue. As a temporary workaround, consider restricting access to the BI Publisher component to minimize the risk of exploitation.