CVE-2024-21082

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2024-21082
Vulnerability in the Oracle BI Publisher product of Oracle Analytics (component: XML Services). Supported versions that are affected are 7.0.0.0.0 and 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle BI Publisher. Successful attacks of this vulnerability can result in takeover of Oracle BI Publisher. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).

9.8 /10

CVSS v3 : CRITICAL

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References
Link Resource
https://www.oracle.com/security-alerts/cpuapr2024.html Vendor Advisory
https://www.oracle.com/security-alerts/cpuapr2024.html Vendor Advisory
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:oracle:bi_publisher:7.0.0.0.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:bi_publisher:12.2.1.4.0:*:*:*:*:*:*:*
History

26 Mar 2025, 20:15

Type Values Removed Values Added
CWE CWE-611

05 Dec 2024, 15:17

Type Values Removed Values Added
CPE cpe:2.3:a:oracle:bi_publisher:7.0.0.0.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:bi_publisher:12.2.1.4.0:*:*:*:*:*:*:*
CWE NVD-CWE-noinfo
References () https://www.oracle.com/security-alerts/cpuapr2024.html - () https://www.oracle.com/security-alerts/cpuapr2024.html - Vendor Advisory
First Time Oracle
Oracle bi Publisher

21 Nov 2024, 08:53

Type Values Removed Values Added
Summary
  • (es) Vulnerabilidad en el producto Oracle BI Publisher de Oracle Analytics (componente: Servicios XML). Las versiones compatibles que se ven afectadas son 7.0.0.0.0 y 12.2.1.4.0. Una vulnerabilidad fácilmente explotable permite que un atacante no autenticado con acceso a la red a través de HTTP comprometa Oracle BI Publisher. Los ataques exitosos a esta vulnerabilidad pueden resultar en la adquisición de Oracle BI Publisher. CVSS 3.1 Puntuación base 9,8 (impactos en la confidencialidad, la integridad y la disponibilidad). Vector CVSS: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).
References () https://www.oracle.com/security-alerts/cpuapr2024.html - () https://www.oracle.com/security-alerts/cpuapr2024.html -

16 Apr 2024, 22:15

Type Values Removed Values Added
New CVE
Information

Published : 2024-04-16 22:15

Updated : 2025-03-26 20:15

NVD link : CVE-2024-21082

Mitre link : CVE-2024-21082

CVE.ORG link : CVE-2024-21082

JSON object : View

Products Affected

oracle

  • bi_publisher
CWE
NVD-CWE-noinfo CWE-611

Improper Restriction of XML External Entity Reference