CVE-2022-21523
First published: Tue Jul 19 2022(Updated: )
Vulnerability in the Oracle BI Publisher product of Oracle Fusion Middleware (component: BI Publisher Security). Supported versions that are affected are 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle BI Publisher. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle BI Publisher accessible data. CVSS 3.1 Base Score 4.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N).
Credit: secalert_us@oracle.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Oracle BI Publisher | =12.2.1.3.0 | |
| Oracle BI Publisher | =12.2.1.4.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID for this vulnerability?
The vulnerability ID for this vulnerability is CVE-2022-21523.
What is the affected software?
The affected software is Oracle BI Publisher version 12.2.1.3.0 and 12.2.1.4.0.
What is the severity of CVE-2022-21523?
The severity of CVE-2022-21523 is medium with a CVSS score of 4.3.
How can a low privileged attacker exploit CVE-2022-21523?
A low privileged attacker with network access via HTTP can exploit CVE-2022-21523.
How can I fix the vulnerability CVE-2022-21523?
To fix CVE-2022-21523, it is recommended to apply the necessary patches provided by Oracle.
- collector/nvd-index
- agent/type
- agent/softwarecombine
- agent/remedy
- agent/author
- agent/references
- agent/severity
- agent/tags
- agent/description
- agent/first-publish-date
- agent/event
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/source
- vendor/oracle
- canonical/oracle bi publisher
- version/oracle bi publisher/12.2.1.3.0
- version/oracle bi publisher/12.2.1.4.0