CVE-2021-2013

Name of the Vulnerable Software and Affected Versions: Oracle BI Publisher versions 5.5.0.0.0, 11.1.1.9.0, 12.2.1.3.0, 12.2.1.4.0

Description: The issue is related to insufficient access control in the BI Publisher Security component of Oracle BI Publisher, allowing a remote attacker to modify, add, or delete data, or cause a denial of service using the HTTP protocol. This can result in unauthorized access to critical data, update, insert, or delete access to some data, and a partial denial of service.

Recommendations: For versions 5.5.0.0.0, 11.1.1.9.0, 12.2.1.3.0, and 12.2.1.4.0, consider restricting access to the BI Publisher Security component until a patch is available. As a temporary workaround, limit network access via HTTP to the Oracle BI Publisher to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.