Oracle BI Publisher Web Server Vulnerability Allowing Unauthorized Data Access and Modification

Vulnerability

A vulnerability exists in Oracle BI Publisher, part of Oracle Analytics, specifically in the Web Server component. The issue affects versions 7.6.0.0.0, 8.2.0.0.0, and 12.2.1.4.0. This vulnerability allows a low-privileged attacker with network access via HTTP to compromise Oracle BI Publisher. Exploitation of this vulnerability could lead to unauthorized creation, deletion, or modification of critical data, as well as unauthorized access to all data accessible through Oracle BI Publisher.

Impact

Exploitation allows for unauthorized access to critical data and the ability to create, delete, or modify all data accessible in Oracle BI Publisher.

Added: Jul 15, 2025, 10:49 PM

Updated: Jul 15, 2025, 10:49 PM

Vulnerability Rating

Custom Algorithm

spread

2.6

impact

5.0

exploitability

4.9

remediation

0.0

relevance

0.2

threat

0.0

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

2.6

impact

5.0

exploitability

4.9

remediation

0.0

relevance

0.2

threat

0.0

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Oracle BI Publisher Web Server Vulnerability Allowing Unauthorized Data Access and Modification

Vulnerability

Impact

Affected Products

Oracle BI Publisher

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating