CVE-2024-21195
Oct. 18, 2024, 2:27 p.m.
Tags
CVSS Score
Products Impacted
| Vendor | Product | Versions |
|---|---|---|
| oracle |
|
|
Description
Vulnerability in the Oracle BI Publisher product of Oracle Analytics (component: Layout Templates). Supported versions that are affected are 7.0.0.0.0, 7.6.0.0.0 and 12.2.1.4.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle BI Publisher. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle BI Publisher accessible data as well as unauthorized update, insert or delete access to some of Oracle BI Publisher accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle BI Publisher. CVSS 3.1 Base Score 7.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L).
Weaknesses
Date
Published: Oct. 15, 2024, 8:15 p.m.
Last Modified: Oct. 18, 2024, 2:27 p.m.
Status : Analyzed
CVE has been recently published to the CVE List and has been received by the NVD.
More infoSource
secalert_us@oracle.com
CPEs
| Type | Vendor | Product | Version | Update | Edition | Language | Software Edition | Target Software | Target Hardware | Other Information |
|---|---|---|---|---|---|---|---|---|---|---|
| a | oracle | bi_publisher | 7.0.0.0.0 | / | / | / | / | / | / | / |
| a | oracle | bi_publisher | 7.6.0.0.0 | / | / | / | / | / | / | / |
| a | oracle | bi_publisher | 12.2.1.4.0 | / | / | / | / | / | / | / |
CVSS Data
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
LOW
Availability Impact
LOW
Base Score
Exploitability Score
Impact Score
Base Severity
HIGHCVSS Vector String
The CVSS vector string provides an in-depth view of the vulnerability metrics.
View Vector StringCVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L