CVE-2019-2588

MEDIUM EXPLOITED NUCLEI

Oracle Fusion Middleware - Unauthorized Access

Title source: llm

Description

Vulnerability in the BI Publisher (formerly XML Publisher) component of Oracle Fusion Middleware (subcomponent: BI Publisher Security). Supported versions that are affected are 11.1.1.9.0, 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise BI Publisher (formerly XML Publisher). Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all BI Publisher (formerly XML Publisher) accessible data. CVSS 3.0 Base Score 4.9 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N).

Exploits (1)

exploitdb WORKING POC VERIFIED
by Vahagn Vardanyan · textwebappswindows
https://www.exploit-db.com/exploits/46728

Nuclei Templates (1)

Oracle Business Intelligence - Path Traversal
MEDIUMby madrobot

References (1)

Scores

CVSS v3 4.9
EPSS 0.8589
EPSS Percentile 99.4%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N

Details

VulnCheck KEV 2024-01-22
Status published
Products (3)
oracle/business_intelligence_publisher 11.1.1.9.0
oracle/business_intelligence_publisher 12.2.1.3.0
oracle/business_intelligence_publisher 12.2.1.4.0
Published Apr 23, 2019
Tracked Since Feb 18, 2026