Oracle BI Publisher Web Service API Vulnerability Allowing Unauthorized Data Access

Vulnerability

A vulnerability has been identified in the Oracle BI Publisher component of Oracle Analytics, specifically in versions 7.6.0.0.0 and 8.2.0.0.0. This vulnerability, which resides in the Web Service API, is easily exploitable by low-privileged attackers with network access via HTTP. Successful exploitation can lead to unauthorized access to critical data or complete access to all data accessible through Oracle BI Publisher.

Impact

Exploitation of this vulnerability could result in unauthorized access to sensitive data or complete access to all data within Oracle BI Publisher that is accessible to the user.

Added: Oct 21, 2025, 9:17 PM

Updated: Oct 21, 2025, 9:17 PM

Vulnerability Rating

Custom Algorithm

spread

2.6

impact

2.5

exploitability

4.9

remediation

0.0

relevance

0.7

threat

0.0

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

2.6

impact

2.5

exploitability

4.9

remediation

0.0

relevance

0.7

threat

0.0

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Oracle BI Publisher Web Service API Vulnerability Allowing Unauthorized Data Access

Vulnerability

Impact

Affected Products

Oracle BI Publisher

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating