CVE-2019-2616 - Vulnerability Details

Vulnerability in the BI Publisher (formerly XML Publisher) component of Oracle Fusion Middleware (subcomponent: BI Publisher Security). Supported versions that are affected are 11.1.1.9.0, 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise BI Publisher (formerly XML Publisher). While the vulnerability is in BI Publisher (formerly XML Publisher), attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of BI Publisher (formerly XML Publisher) accessible data as well as unauthorized read access to a subset of BI Publisher (formerly XML Publisher) accessible data. CVSS 3.0 Base Score 7.2 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N).

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Changed

Confidentiality Impact Low

Integrity Impact Low

Availability Impact None

User Interaction None

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact None

This CVE is in the KEV database since March 25, 2022.

Exploitation active

Automatable yes

Technical Impact partial

Vendors	Products
Oracle	Business Intelligence Publisher

Configuration 1 [-]

OR	cpe:2.3:a:oracle:business_intelligence_publisher:11.1.1.9.0:::::::*
	cpe:2.3:a:oracle:business_intelligence_publisher:12.2.1.3.0:::::::*
	cpe:2.3:a:oracle:business_intelligence_publisher:12.2.1.4.0:::::::*

No data.

References

Link	Providers
http://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html

History

Fri, 07 Feb 2025 15:15:00 +0000

Type	Values Removed	Values Added
Metrics	cvssV3_0 `{'score': 7.2, 'vector': 'CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N'}`	cvssV3_1 `{'score': 7.2, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N'}`

Wed, 02 Oct 2024 14:30:00 +0000

Type	Values Removed	Values Added
Metrics		kev `{'dateAdded': '2022-03-25'}` ssvc `{'options': {'Automatable': 'yes', 'Exploitation': 'active', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

MITRE

Status: PUBLISHED

Assigner: oracle

Published: 2019-04-23T18:16:41

Updated: 2024-10-02T13:30:35.073Z

Reserved: 2018-12-14T00:00:00

Link: CVE-2019-2616

Vulnrichment

Updated: 2024-08-04T18:56:44.851Z

NVD

Status : Analyzed

Published: 2019-04-23T19:32:51.537

Modified: 2025-02-07T14:51:17.940

Link: CVE-2019-2616

Redhat

No data.

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Changed

Confidentiality Impact Low

Integrity Impact Low

Availability Impact None

User Interaction None

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact None

Exploitation active

Automatable yes

Technical Impact partial

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object