Lucene search

OracleCVE-2016-3474

HistoryJul 21, 2016 - 10:12 a.m.

CVE-2016-3474

2016-07-2110:12:27

oracle

web.nvd.nist.gov

cve-2016-3474

bi publisher

xml publisher

oracle fusion middleware

confidentiality

security

nvd

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:N/A:N

CVSS3

3.7

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N

AI Score

4.8

Confidence

Low

EPSS

0.002

Percentile

60.7%

JSON

Unspecified vulnerability in the BI Publisher (formerly XML Publisher) component in Oracle Fusion Middleware 11.1.1.7.0, 11.1.1.9.0, and 12.2.1.0.0 allows remote attackers to affect confidentiality via vectors related to Security.

Affected configurations

Nvd

Node

oraclebusiness_intelligence_publisherMatch11.1.1.7.0

oraclebusiness_intelligence_publisherMatch11.1.1.9.0

oraclebusiness_intelligence_publisherMatch12.2.1.0.0

VendorProductVersionCPE
oraclebusiness_intelligence_publisher11.1.1.7.0cpe:2.3:a:oracle:business_intelligence_publisher:11.1.1.7.0:*:*:*:*:*:*:*
oraclebusiness_intelligence_publisher11.1.1.9.0cpe:2.3:a:oracle:business_intelligence_publisher:11.1.1.9.0:*:*:*:*:*:*:*
oraclebusiness_intelligence_publisher12.2.1.0.0cpe:2.3:a:oracle:business_intelligence_publisher:12.2.1.0.0:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
oracle	business_intelligence_publisher	11.1.1.7.0	cpe:2.3:a:oracle:business_intelligence_publisher:11.1.1.7.0:::::::*
oracle	business_intelligence_publisher	11.1.1.9.0	cpe:2.3:a:oracle:business_intelligence_publisher:11.1.1.9.0:::::::*
oracle	business_intelligence_publisher	12.2.1.0.0	cpe:2.3:a:oracle:business_intelligence_publisher:12.2.1.0.0:::::::*

References

www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html

www.securityfocus.com/bid/91787

www.securityfocus.com/bid/92027

www.securitytracker.com/id/1036370

Social References

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:N/A:N

CVSS3

3.7

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N

AI Score

4.8

Confidence

Low

EPSS

0.002

Percentile

60.7%

JSON

Related for CVE-2016-3474