CVE-2021-2062

Name of the Vulnerable Software and Affected Versions: Oracle BI Publisher versions 5.5.0.0.0 through 5.5.0.0.0 Oracle BI Publisher versions 11.1.1.9.0 through 11.1.1.9.0 Oracle BI Publisher versions 12.2.1.3.0 through 12.2.1.4.0

Description: The issue is related to inadequate access control in the Web Server component of Oracle BI Publisher, allowing a low-privileged attacker with network access via HTTP to compromise the system. Successful attacks require human interaction and may significantly impact additional products, resulting in unauthorized access to critical data or complete access to all Oracle BI Publisher accessible data, as well as unauthorized update, insert, or delete access to some data.

Recommendations: For Oracle BI Publisher version 5.5.0.0.0, update to a newer version to mitigate the risk. For Oracle BI Publisher version 11.1.1.9.0, update to a newer version to mitigate the risk. For Oracle BI Publisher versions 12.2.1.3.0 through 12.2.1.4.0, update to a newer version to mitigate the risk. As a temporary workaround, consider restricting access to the Web Server component until a patch is available.