CVE-2022-21590

Name of the Vulnerable Software and Affected Versions Oracle BI Publisher versions 5.9.0.0, 6.4.0.0.0, 12.2.1.3.0, 12.2.1.4.0

Description The issue affects the Core Formatting API component of Oracle BI Publisher in Oracle Fusion Middleware. It allows a low-privileged attacker with network access via HTTP to compromise Oracle BI Publisher. Successful attacks can result in unauthorized access to critical data, complete access to all Oracle BI Publisher accessible data, unauthorized update, insert, or delete access to some Oracle BI Publisher accessible data, and the ability to cause a partial denial of service of Oracle BI Publisher.

Recommendations For versions 5.9.0.0, 6.4.0.0.0, 12.2.1.3.0, and 12.2.1.4.0, consider restricting access to the Core Formatting API until a patch is available. As a temporary workaround, consider disabling the HTTP access to Oracle BI Publisher until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.