CVE-2016-3473

HIGH

Oracle BI Publisher - Info Disclosure

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2016-3473. PoCs published by Jakub Palaczynski.

AI-analyzed exploit summary This exploit demonstrates an XML External Entity (XXE) injection vulnerability in Oracle BI Publisher. It leverages two SOAP actions (`replyToXML` and `replyToXMLWithContext`) to trigger the XXE, allowing an attacker to read arbitrary files or perform SSRF attacks without authentication.

Description

Unspecified vulnerability in the BI Publisher (formerly XML Publisher) component in Oracle Fusion Middleware 11.1.1.7.0, 11.1.1.9.0, and 12.2.1.0.0 allows remote authenticated users to affect confidentiality via unknown vectors.

Exploits (1)

exploitdb WORKING POC

by Jakub Palaczynski · textwebappsxml

https://www.exploit-db.com/exploits/40590

View Code ZIP pw:eip

This exploit demonstrates an XML External Entity (XXE) injection vulnerability in Oracle BI Publisher. It leverages two SOAP actions (`replyToXML` and `replyToXMLWithContext`) to trigger the XXE, allowing an attacker to read arbitrary files or perform SSRF attacks without authentication.

Classification

Working Poc 100%

Attack Type

Info Leak

Complexity

Trivial

Reliability

Reliable

Target: Oracle BI Publisher (11.1.1.6.0, 11.1.1.7.0, 11.1.1.9.0, 12.2.1.0.0)

No auth needed

Prerequisites: Network access to the vulnerable Oracle BI Publisher instance

MITRE ATT&CK

T1190 - Exploit Public-Facing Application T1213 - Data from Information Repositories

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (4)

Core 4

Core References

Exploit, Third Party Advisory exploit x_refsource_exploit-db

https://www.exploit-db.com/exploits/40590/

Patch, Vendor Advisory x_refsource_confirm

http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html

Third Party Advisory, VDB Entry vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/93719

Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack

http://www.securitytracker.com/id/1037051

Scores

CVSS v3 7.7

EPSS 0.1395

EPSS Percentile 96.1%

Attack Vector NETWORK

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-200

Status published

Products (3)

oracle/business_intelligence_publisher 11.1.1.7.0

oracle/business_intelligence_publisher 11.1.1.9.0

oracle/business_intelligence_publisher 12.2.1.0.0

Published Oct 25, 2016

Tracked Since Feb 18, 2026