cve,link,title,description,vendor,products,score,severity,epss,cisa,article,ransomware,exploited,poc,trended,trended_no_1,published,trended_score
CVE-2024-21083,https://securityvulnerability.io/vulnerability/CVE-2024-21083,Vulnerability in Oracle BI Publisher product of Oracle Analytics,"A high-privilege attacker with network access via HTTP can exploit a vulnerability in the Oracle BI Publisher component of Oracle Analytics. This vulnerability affects versions 7.0.0.0.0 and 12.2.1.4.0, allowing attackers to gain control over the Oracle BI Publisher system. Successful exploitation can lead to unauthorized access to sensitive data, potentially compromising the confidentiality, integrity, and availability of the BI Publisher service. Organizations using these versions are advised to apply necessary security patches to mitigate the risk.",Oracle,Bi Publisher (formerly Xml Publisher),7.2,HIGH,0.0004299999854993075,false,false,false,false,,false,false,2024-04-16T22:15:00.000Z,0
CVE-2024-20980,https://securityvulnerability.io/vulnerability/CVE-2024-20980,Oracle BI Publisher Vulnerability Allows Low-Privileged Attacks on Data,"A vulnerability exists within the Oracle BI Publisher component of Oracle Analytics, specifically affecting versions 6.4.0.0.0 and 7.0.0.0.0. This vulnerability can be exploited by a low-privileged attacker who has network access through HTTP, requiring human interaction for successful exploitation. Although directly related to Oracle BI Publisher, the implications of this vulnerability extend to other products, highlighting a significant scope change. Successful exploitation can lead to unauthorized operations, impacting both the confidentiality and integrity of accessible data, allowing malicious actors to perform updates, inserts, or deletions, as well as gain unauthorized read access to data within Oracle BI Publisher.",Oracle,BI Publisher (formerly XML Publisher),5.4,MEDIUM,0.0004299999854993075,false,false,false,false,,false,false,2024-02-17T01:50:21.994Z,0
CVE-2024-20987,https://securityvulnerability.io/vulnerability/CVE-2024-20987,Web Server Vulnerability in Oracle Analytics BI Publisher,"A vulnerability exists in the Oracle BI Publisher component of Oracle Analytics, which may allow a low-privilege attacker with network access via HTTP to compromise the system. Successful exploitation requires user interaction from someone other than the attacker, and while it primarily affects Oracle BI Publisher, the consequences can extend to additional products. Attackers could gain unauthorized access to update, insert, or delete data within Oracle BI Publisher and read certain accessible data unauthorizedly. This vulnerability demonstrates the need for enhanced security measures and awareness of potential attacks against web server components.",Oracle,BI Publisher (formerly XML Publisher),5.4,MEDIUM,0.0004299999854993075,false,false,false,false,,false,false,2024-01-16T21:41:26.007Z,0
CVE-2024-20979,https://securityvulnerability.io/vulnerability/CVE-2024-20979,Server Vulnerability in Oracle Analytics' BI Publisher Product,"A vulnerability has been identified in Oracle BI Publisher, which is part of Oracle Analytics, that allows low privileged attackers with network access via HTTP to exploit the system. This vulnerability is concerning as it allows unauthorized actions, including updates and reads of sensitive data. Attackers may require human interaction to launch a successful exploit, expanding the potential impact beyond just Oracle BI Publisher itself. This vulnerability might lead to significant implications for any data handled by the accessible version of Oracle BI Publisher.",Oracle,BI Publisher (formerly XML Publisher),5.4,MEDIUM,0.0004299999854993075,false,false,false,false,,false,false,2024-01-16T21:41:24.760Z,0
CVE-2023-22105,https://securityvulnerability.io/vulnerability/CVE-2023-22105,,"Vulnerability in the BI Publisher product of Oracle Analytics (component: Web Server). Supported versions that are affected are 6.4.0.0.0 and 7.0.0.0.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise BI Publisher. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in BI Publisher, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of BI Publisher accessible data as well as unauthorized read access to a subset of BI Publisher accessible data. CVSS 3.1 Base Score 5.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N).",Oracle,Bi Publisher (formerly Xml Publisher),5.4,MEDIUM,0.0004299999854993075,false,false,false,false,,false,false,2023-10-17T22:15:00.000Z,0
CVE-2023-21941,https://securityvulnerability.io/vulnerability/CVE-2023-21941,,Vulnerability in the Oracle BI Publisher product of Oracle Analytics (component: Web Server). Supported versions that are affected are 6.4.0.0.0 and 12.2.1.4.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle BI Publisher. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle BI Publisher accessible data. CVSS 3.1 Base Score 4.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N).,Oracle,Bi Publisher (formerly Xml Publisher),4.3,MEDIUM,0.00044999999227002263,false,false,false,false,,false,false,2023-04-18T20:15:00.000Z,0
CVE-2023-21970,https://securityvulnerability.io/vulnerability/CVE-2023-21970,,Vulnerability in the Oracle BI Publisher product of Oracle Analytics (component: Security). The supported version that is affected is 6.4.0.0.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle BI Publisher. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle BI Publisher accessible data. CVSS 3.1 Base Score 5.7 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N).,Oracle,Bi Publisher (formerly Xml Publisher),5.7,MEDIUM,0.00044999999227002263,false,false,false,false,,false,false,2023-04-18T20:15:00.000Z,0
CVE-2023-21846,https://securityvulnerability.io/vulnerability/CVE-2023-21846,Exploitable Vulnerability in Oracle BI Publisher by Oracle,"An exploitable security vulnerability exists in Oracle BI Publisher, part of Oracle Fusion Middleware. This issue affects versions 5.9.0.0.0, 6.4.0.0.0, and 12.2.1.4.0, allowing low privileged attackers with network access through various protocols to potentially compromise the system. A successful exploitation can result in unauthorized control of the Oracle BI Publisher, leading to significant risks to confidentiality, integrity, and availability.",Oracle,BI Publisher (formerly XML Publisher),8.8,HIGH,0.00044999999227002263,false,false,false,false,,false,false,2023-01-18T00:15:00.000Z,0
CVE-2023-21832,https://securityvulnerability.io/vulnerability/CVE-2023-21832,Security Flaw in Oracle BI Publisher by Oracle,"A security vulnerability in Oracle BI Publisher allows a low-privileged attacker with network access to exploit the system via multiple protocols. This issue affects various supported versions and could lead to unauthorized takeover of Oracle BI Publisher, thereby compromising the confidentiality, integrity, and availability of sensitive data.",Oracle,BI Publisher (formerly XML Publisher),8.8,HIGH,0.00044999999227002263,false,false,false,false,,false,false,2023-01-18T00:15:00.000Z,0
CVE-2022-21590,https://securityvulnerability.io/vulnerability/CVE-2022-21590,,"Vulnerability in the Oracle BI Publisher product of Oracle Fusion Middleware (component: Core Formatting API). Supported versions that are affected are 5.9.0.0, 6.4.0.0.0, 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle BI Publisher. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle BI Publisher accessible data as well as unauthorized update, insert or delete access to some of Oracle BI Publisher accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle BI Publisher. CVSS 3.1 Base Score 7.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L).",Oracle,Bi Publisher (formerly Xml Publisher),7.6,HIGH,0.00044999999227002263,false,false,false,false,,false,false,2022-10-18T00:00:00.000Z,0
CVE-2022-21523,https://securityvulnerability.io/vulnerability/CVE-2022-21523,,Vulnerability in the Oracle BI Publisher product of Oracle Fusion Middleware (component: BI Publisher Security). Supported versions that are affected are 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle BI Publisher. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle BI Publisher accessible data. CVSS 3.1 Base Score 4.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N).,Oracle,Bi Publisher (formerly Xml Publisher),4.3,MEDIUM,0.00044999999227002263,false,false,false,false,,false,false,2022-07-19T21:07:04.000Z,0
CVE-2022-21346,https://securityvulnerability.io/vulnerability/CVE-2022-21346,,"Vulnerability in the Oracle BI Publisher product of Oracle Fusion Middleware (component: BI Publisher Security). Supported versions that are affected are 5.5.0.0.0, 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle BI Publisher. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle BI Publisher accessible data. CVSS 3.1 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N).",Oracle,Bi Publisher (formerly Xml Publisher),7.5,HIGH,0.0012199999764561653,false,false,false,false,,false,false,2022-01-19T11:25:10.000Z,0
CVE-2021-2401,https://securityvulnerability.io/vulnerability/CVE-2021-2401,,"Vulnerability in the Oracle BI Publisher product of Oracle Fusion Middleware (component: E-Business Suite - XDO). Supported versions that are affected are 5.5.0.0.0, 11.1.1.9.0, 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle BI Publisher. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle BI Publisher accessible data. CVSS 3.1 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N).",Oracle,Bi Publisher (formerly Xml Publisher),5.3,MEDIUM,0.014220000244677067,false,false,false,false,,false,false,2021-07-20T22:44:15.000Z,0
CVE-2021-2400,https://securityvulnerability.io/vulnerability/CVE-2021-2400,,"Vulnerability in the Oracle BI Publisher product of Oracle Fusion Middleware (component: E-Business Suite - XDO). Supported versions that are affected are 5.5.0.0.0, 11.1.1.9.0, 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle BI Publisher. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle BI Publisher accessible data. CVSS 3.1 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N).",Oracle,Bi Publisher (formerly Xml Publisher),7.5,HIGH,0.005049999803304672,false,false,false,false,,false,false,2021-07-20T22:44:14.000Z,0
CVE-2021-2396,https://securityvulnerability.io/vulnerability/CVE-2021-2396,,"Vulnerability in the Oracle BI Publisher product of Oracle Fusion Middleware (component: E-Business Suite - XDO). Supported versions that are affected are 5.5.0.0.0, 11.1.1.9.0, 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle BI Publisher. Successful attacks of this vulnerability can result in takeover of Oracle BI Publisher. CVSS 3.1 Base Score 8.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H).",Oracle,Bi Publisher (formerly Xml Publisher),8.8,HIGH,0.06870999932289124,false,false,false,false,,false,false,2021-07-20T22:44:10.000Z,0
CVE-2021-2392,https://securityvulnerability.io/vulnerability/CVE-2021-2392,,"Vulnerability in the Oracle BI Publisher product of Oracle Fusion Middleware (component: BI Publisher Security). Supported versions that are affected are 5.5.0.0.0, 11.1.1.9.0, 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle BI Publisher. Successful attacks of this vulnerability can result in takeover of Oracle BI Publisher. CVSS 3.1 Base Score 8.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H).",Oracle,Bi Publisher (formerly Xml Publisher),8.8,HIGH,0.08173999935388565,false,false,false,false,,false,false,2021-07-20T22:44:06.000Z,0
CVE-2021-2391,https://securityvulnerability.io/vulnerability/CVE-2021-2391,,"Vulnerability in the Oracle BI Publisher product of Oracle Fusion Middleware (component: Scheduler). Supported versions that are affected are 5.5.0.0.0, 11.1.1.9.0, 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle BI Publisher. Successful attacks of this vulnerability can result in takeover of Oracle BI Publisher. CVSS 3.1 Base Score 8.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H).",Oracle,Bi Publisher (formerly Xml Publisher),8.8,HIGH,0.08173999935388565,false,false,false,false,,false,false,2021-07-20T22:44:05.000Z,0
CVE-2021-2062,https://securityvulnerability.io/vulnerability/CVE-2021-2062,,"Vulnerability in the Oracle BI Publisher product of Oracle Fusion Middleware (component: Web Server). Supported versions that are affected are 5.5.0.0.0, 11.1.1.9.0, 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle BI Publisher. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle BI Publisher, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle BI Publisher accessible data as well as unauthorized update, insert or delete access to some of Oracle BI Publisher accessible data. CVSS 3.1 Base Score 7.6 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:N).",Oracle,Bi Publisher (formerly Xml Publisher),7.6,HIGH,0.0007099999929778278,false,false,false,false,,false,false,2021-01-20T14:50:06.000Z,0
CVE-2021-2051,https://securityvulnerability.io/vulnerability/CVE-2021-2051,,"Vulnerability in the Oracle BI Publisher product of Oracle Fusion Middleware (component: E-Business Suite - XDO). Supported versions that are affected are 5.5.0.0.0, 11.1.1.9.0, 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle BI Publisher. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle BI Publisher accessible data as well as unauthorized update, insert or delete access to some of Oracle BI Publisher accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle BI Publisher. CVSS 3.1 Base Score 7.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L).",Oracle,Bi Publisher (formerly Xml Publisher),7.6,HIGH,0.0008800000068731606,false,false,false,false,,false,false,2021-01-20T14:50:05.000Z,0
CVE-2021-2049,https://securityvulnerability.io/vulnerability/CVE-2021-2049,,"Vulnerability in the Oracle BI Publisher product of Oracle Fusion Middleware (component: Administration). Supported versions that are affected are 5.5.0.0.0, 11.1.1.9.0, 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle BI Publisher. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle BI Publisher accessible data as well as unauthorized update, insert or delete access to some of Oracle BI Publisher accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle BI Publisher. CVSS 3.1 Base Score 7.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L).",Oracle,Bi Publisher (formerly Xml Publisher),7.6,HIGH,0.0008800000068731606,false,false,false,false,,false,false,2021-01-20T14:50:05.000Z,0
CVE-2021-2050,https://securityvulnerability.io/vulnerability/CVE-2021-2050,,"Vulnerability in the Oracle BI Publisher product of Oracle Fusion Middleware (component: E-Business Suite - XDO). Supported versions that are affected are 5.5.0.0.0, 11.1.1.9.0, 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle BI Publisher. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle BI Publisher accessible data as well as unauthorized update, insert or delete access to some of Oracle BI Publisher accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle BI Publisher. CVSS 3.1 Base Score 7.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L).",Oracle,Bi Publisher (formerly Xml Publisher),7.6,HIGH,0.0008800000068731606,false,false,false,false,,false,false,2021-01-20T14:50:05.000Z,0
CVE-2021-2013,https://securityvulnerability.io/vulnerability/CVE-2021-2013,,"Vulnerability in the Oracle BI Publisher product of Oracle Fusion Middleware (component: BI Publisher Security). Supported versions that are affected are 5.5.0.0.0, 11.1.1.9.0, 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle BI Publisher. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle BI Publisher accessible data as well as unauthorized update, insert or delete access to some of Oracle BI Publisher accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle BI Publisher. CVSS 3.1 Base Score 7.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L).",Oracle,Bi Publisher (formerly Xml Publisher),7.6,HIGH,0.0008800000068731606,false,false,false,false,,false,false,2021-01-20T14:50:01.000Z,0
CVE-2020-14879,https://securityvulnerability.io/vulnerability/CVE-2020-14879,,"Vulnerability in the BI Publisher product of Oracle Fusion Middleware (component: E-Business Suite - XDO). Supported versions that are affected are 5.5.0.0.0, 11.1.1.9.0, 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise BI Publisher. While the vulnerability is in BI Publisher, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all BI Publisher accessible data as well as unauthorized update, insert or delete access to some of BI Publisher accessible data. CVSS 3.1 Base Score 8.5 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:N).",Oracle,Bi Publisher (formerly Xml Publisher),8.5,HIGH,0.0009399999980814755,false,false,false,false,,false,false,2020-10-21T14:04:30.000Z,0
CVE-2020-14880,https://securityvulnerability.io/vulnerability/CVE-2020-14880,,"Vulnerability in the BI Publisher product of Oracle Fusion Middleware (component: E-Business Suite - XDO). Supported versions that are affected are 5.5.0.0.0, 11.1.1.9.0, 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise BI Publisher. While the vulnerability is in BI Publisher, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all BI Publisher accessible data as well as unauthorized update, insert or delete access to some of BI Publisher accessible data. CVSS 3.1 Base Score 8.5 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:N).",Oracle,Bi Publisher (formerly Xml Publisher),8.5,HIGH,0.0009399999980814755,false,false,false,false,,false,false,2020-10-21T14:04:30.000Z,0
CVE-2020-14842,https://securityvulnerability.io/vulnerability/CVE-2020-14842,,"Vulnerability in the BI Publisher product of Oracle Fusion Middleware (component: BI Publisher Security). Supported versions that are affected are 5.5.0.0.0, 11.1.1.9.0, 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise BI Publisher. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in BI Publisher, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all BI Publisher accessible data as well as unauthorized update, insert or delete access to some of BI Publisher accessible data. CVSS 3.1 Base Score 8.2 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N).",Oracle,Bi Publisher (formerly Xml Publisher),8.2,HIGH,0.0027000000700354576,false,false,false,false,,false,false,2020-10-21T14:04:28.000Z,0