CVE-2019-2768
First published: Tue Jul 23 2019(Updated: )
Vulnerability in the BI Publisher (formerly XML Publisher) component of Oracle Fusion Middleware (subcomponent: BI Publisher Security). The supported version that is affected is 11.1.1.9.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise BI Publisher (formerly XML Publisher). Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all BI Publisher (formerly XML Publisher) accessible data. CVSS 3.0 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N).
Credit: secalert_us@oracle.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Oracle BI Publisher | =11.1.1.9.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is CVE-2019-2768?
CVE-2019-2768 is a vulnerability in the BI Publisher (formerly XML Publisher) component of Oracle Fusion Middleware.
What is the affected software version of CVE-2019-2768?
The affected software version of CVE-2019-2768 is Oracle BI Publisher 11.1.1.9.0.
How severe is CVE-2019-2768?
CVE-2019-2768 has a severity score of 7.5 (high).
How can an attacker exploit CVE-2019-2768?
An unauthenticated attacker with network access via HTTP can exploit CVE-2019-2768.
Is there a reference for CVE-2019-2768?
Yes, you can find more information about CVE-2019-2768 at http://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html.
- collector/nvd-index
- agent/type
- agent/softwarecombine
- agent/references
- agent/severity
- agent/remedy
- agent/author
- agent/first-publish-date
- agent/event
- agent/description
- agent/tags
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/source
- vendor/oracle
- canonical/oracle bi publisher
- version/oracle bi publisher/11.1.1.9.0