CVE-2024-21083

Name of the Vulnerable Software and Affected Versions Oracle BI Publisher versions 7.0.0.0.0 through 12.2.1.4.0

Description The issue is related to insufficient input validation in the Script Engine component of Oracle BI Publisher, allowing a high-privileged attacker with network access via HTTP to compromise the system. Successful attacks can result in the takeover of Oracle BI Publisher. The vulnerability is easily exploitable and can be used by an attacker to execute arbitrary code.

Recommendations For versions 7.0.0.0.0 through 12.2.1.4.0, consider disabling the Script Engine component until a patch is available to prevent exploitation. Restrict access to the Script Engine component to minimize the risk of exploitation. Avoid using the Oracle BI Publisher product until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.