N/A

Vulnerability in the Oracle BI Publisher product of Oracle Analytics (component: Web Server). Supported versions that are affected are 6.4.0.0.0, 7.0.0.0.0 and 12.2.1.4.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle BI Publisher. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle BI Publisher, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle BI Publisher accessible data as well as unauthorized read access to a subset of Oracle BI Publisher accessible data. CVSS 3.1 Base Score 5.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N).

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

N/A

Oracle BI Publisher 安全漏洞

Oracle BI Publisher是美国甲骨文（Oracle）公司的一种报告解决方案，与传统报告工具相比，它可以更轻松、更快速地创作、管理和交付所有报告和文档。 Oracle BI Publisher 6.4.0.0.0版本、7.0.0.0.0版本、12.2.1.4.0版本存在安全漏洞。攻击者利用该漏洞可以获取数据的访问权限，并进行未经授权的更新、插入或删除操作。

N/A

N/A