Oracle BI Publisher XML Services Vulnerability Allowing Unauthorized Data Modification and Partial Denial-of-Service

Vulnerability

A vulnerability exists in Oracle BI Publisher, part of Oracle Analytics, specifically within the XML Services component. This issue affects versions 7.6.0.0.0 and 12.2.1.4.0. The vulnerability allows a low-privileged attacker with network access via HTTP to compromise Oracle BI Publisher. Exploitation of this vulnerability could lead to unauthorized modifications, additions, or deletions of certain data accessible within Oracle BI Publisher, as well as the unauthorized ability to cause a partial denial-of-service on the application.

Impact

Exploitation of this vulnerability could result in unauthorized modification (updates, inserts, or deletions) of certain data accessible through Oracle BI Publisher. It could also cause a partial denial-of-service on Oracle BI Publisher.

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm
spread: 2.6
impact: 1.3
exploitability: 4.9
remediation: 0.0
relevance: 0.0
threat: 0.0
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.