Vulnerability in the Oracle BI Publisher product of Oracle Analytics (component: XML Services). Supported versions that are affected are 7.0.0.0.0 and 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle BI Publisher. Successful attacks of this vulnerability can result in takeover of Oracle BI Publisher. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).
Metrics
Affected Vendors & Products
References
Link | Providers |
---|---|
https://www.oracle.com/security-alerts/cpuapr2024.html |
History
Thu, 05 Dec 2024 15:45:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Weaknesses | NVD-CWE-noinfo |
MITRE
Status: PUBLISHED
Assigner: oracle
Published: 2024-04-16T21:26:26.055Z
Updated: 2024-08-01T22:13:42.356Z
Reserved: 2023-12-07T22:28:10.668Z
Link: CVE-2024-21082
Vulnrichment
Updated: 2024-08-01T22:13:42.356Z
NVD
Status : Analyzed
Published: 2024-04-16T22:15:27.780
Modified: 2024-12-05T15:17:52.217
Link: CVE-2024-21082
Redhat
No data.