PT-2021-7123 · Oracle · Oracle BI Publisher
Jang Laptop · Published 2021-07-20 · Updated 2021-09-14 · CVE-2021-2400
CVSS v2.0: 7.8 (High)
Vector: AV:N/AC:L/Au:N/C:C/I:N/A:N
Name of the Vulnerable Software and Affected Versions
Oracle BI Publisher versions 5.5.0.0.0 through 12.2.1.4.0
Description
The vulnerability stems from insufficient input validation in the Oracle BI Publisher component of Oracle Fusion Middleware, specifically in the E-Business Suite - XDO reporting tools. A remote attacker can exploit it over HTTP, without authentication (the vector shows Au:N), to gain unauthorized access to protected information. A successful attack may result in unauthorized access to critical data or complete access to all data accessible to the component.
Recommendations
For versions 5.5.0.0.0, 11.1.1.9.0, 12.2.1.3.0, and 12.2.1.4.0, consider restricting access to the Oracle BI Publisher component until a patch is available.
As a temporary workaround, consider disabling the HTTP protocol for Oracle BI Publisher until the issue is resolved.
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Information Disclosure
RCE
Affected Products
Oracle BI Publisher