Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2016-3473

CWE-200Information Exposure4 documents4 sources
Severity
7.7HIGH
EPSS
2.8%
top 13.89%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
1
Oracle Business Intelligence Publisher
Timeline
PublishedOct 25
Latest updateMay 17

Description

Unspecified vulnerability in the BI Publisher (formerly XML Publisher) component in Oracle Fusion Middleware 11.1.1.7.0, 11.1.1.9.0, and 12.2.1.0.0 allows remote authenticated users to affect confidentiality via unknown vectors.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:NExploitability: 3.1 | Impact: 4.0

Affected Packages1 packages

NVDoracle/business_intelligence_publisher11.1.1.7.0, 11.1.1.9.0, 12.2.1.0.0+2

Patches

Patch: www.oracle.comPatch: www.oracle.com

🔴Vulnerability Details

2
GHSA
GHSA-4xpm-jj66-x7r5: Unspecified vulnerability in the BI Publisher (formerly XML Publisher) component in Oracle Fusion Middleware 112022-05-17
CVEList
CVE-2016-3473: Unspecified vulnerability in the BI Publisher (formerly XML Publisher) component in Oracle Fusion Middleware 112016-10-25

💥Exploits & PoCs

1
Exploit-DB
Oracle BI Publisher 11.1.1.6.0/11.1.1.7.0/11.1.1.9.0/12.2.1.0.0 - XML External Entity Injection2016-10-20
CVE-2016-3473 (HIGH CVSS 7.7) | Unspecified vulnerability in the BI | cvebase.io