CVE-2024-21254

Name of the Vulnerable Software and Affected Versions Oracle BI Publisher versions 7.0.0.0.0 through 12.2.1.4.0

Description The issue is related to a component of the Oracle BI Publisher, specifically the Web Server, and involves insufficient input validation leading to authorization bypass. This can be exploited by a remote attacker using the HTTP protocol to gain full control over the application. Successful attacks can result in the takeover of Oracle BI Publisher.

Recommendations For versions 7.0.0.0.0 through 12.2.1.4.0, update to a version that includes the fix for this issue. At the moment, there is no information about a newer version that contains a fix for this vulnerability.