PT-2025-29616 · Oracle · Oracle Bi Publisher 8.2.0.0.0+2
Published
2025-07-15
·
Updated
2025-07-24
·
CVE-2025-50060
CVSS v2.0
8.5
High
| Vector | AV:N/AC:L/Au:S/C:C/I:C/A:N |
Name of the Vulnerable Software and Affected Versions
Oracle BI Publisher versions 7.6.0.0.0
Oracle BI Publisher versions 8.2.0.0.0
Oracle BI Publisher versions 12.2.1.4.0
Description
A vulnerability exists within the Oracle BI Publisher product of Oracle Analytics (Web Server component) that allows a low-privileged attacker with network access via HTTP to compromise the system. Successful exploitation may lead to unauthorized creation, deletion, or modification of critical data, as well as unauthorized access to all Oracle BI Publisher accessible data.
Recommendations
Update Oracle BI Publisher version 7.6.0.0.0 to a newer, fixed version.
Update Oracle BI Publisher version 8.2.0.0.0 to a newer, fixed version.
Update Oracle BI Publisher version 12.2.1.4.0 to a newer, fixed version.
Fix
Improper Access Control
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Oracle Bi Publisher 12.2.1.4.0
Oracle Bi Publisher 7.6.0.0.0
Oracle Bi Publisher 8.2.0.0.0