Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
cveOracleCVE-2024-20979
HistoryJan 16, 2024 - 10:15 p.m.

CVE-2024-20979

2024-01-1622:15:44
oracle
web.nvd.nist.gov
19
oracle
bi publisher
oracle analytics
web server
vulnerability
cve-2024-20979
nvd
security
exploitable
cvss 3.1
unauthorized access

CVSS3

5.4

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

AI Score

4.8

Confidence

High

EPSS

0

Percentile

14.0%

JSON

Vulnerability in the Oracle BI Publisher product of Oracle Analytics (component: Web Server). Supported versions that are affected are 6.4.0.0.0, 7.0.0.0.0 and 12.2.1.4.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle BI Publisher. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle BI Publisher, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle BI Publisher accessible data as well as unauthorized read access to a subset of Oracle BI Publisher accessible data. CVSS 3.1 Base Score 5.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N).

Affected configurations

Nvd
Vulners
Node
oraclebi_publisherMatch6.4.0.0.0
OR
oraclebi_publisherMatch7.0.0.0.0
OR
oraclebi_publisherMatch12.2.1.4.0
VendorProductVersionCPE
oraclebi_publisher6.4.0.0.0cpe:2.3:a:oracle:bi_publisher:6.4.0.0.0:*:*:*:*:*:*:*
oraclebi_publisher7.0.0.0.0cpe:2.3:a:oracle:bi_publisher:7.0.0.0.0:*:*:*:*:*:*:*
oraclebi_publisher12.2.1.4.0cpe:2.3:a:oracle:bi_publisher:12.2.1.4.0:*:*:*:*:*:*:*

CNA Affected

[
  {
    "vendor": "Oracle Corporation",
    "product": "BI Publisher (formerly XML Publisher)",
    "versions": [
      {
        "version": "6.4.0.0.0",
        "status": "affected"
      },
      {
        "version": "7.0.0.0.0",
        "status": "affected"
      },
      {
        "version": "12.2.1.4.0",
        "status": "affected"
      }
    ]
  }
]

Related

cvelist 1
prion 1
nvd 1
nessus 2
oracle 1
cvelist
cvelist
CVE-2024-20979
2024-01-16 21:41:24
prion
prion
Design/Logic Flaw
2024-01-16 22:15:00
nvd
nvd
CVE-2024-20979
2024-01-16 22:15:44
nessus
nessus
Oracle Business Intelligence Publisher 6.4 / 7.0 (OAS) (January 2024 CPU)
2024-01-29 00:00:00
Oracle Business Intelligence Publisher (January 2024 CPU)
2024-01-29 00:00:00
oracle
oracle
Oracle Critical Patch Update Advisory - January 2024
2024-01-16 00:00:00

CVSS3

5.4

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

AI Score

4.8

Confidence

High

EPSS

0

Percentile

14.0%

JSON
Related for CVE-2024-20979
cvelist1prion1nvd1nessus2oracle1