Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).
CVE-2019-2588
6 documents6 sources
Severity
4.9MEDIUM
EPSS
85.9%
top 0.61%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
Timeline
PublishedApr 23
Latest updateMay 24
Description
Vulnerability in the BI Publisher (formerly XML Publisher) component of Oracle Fusion Middleware (subcomponent: BI Publisher Security). Supported versions that are affected are 11.1.1.9.0, 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise BI Publisher (formerly XML Publisher). Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all BI Publisher (forme…
CVSS vector
CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:NExploitability: 1.2 | Impact: 3.6
Affected Packages2 packages
▶CVEListV5oracle_corporation/bi_publisher_(formerly_xml_publisher)11.1.1.9.0, 12.2.1.3.0, 12.2.1.4.0+2
Patches
🔴Vulnerability Details
3GHSA▶
GHSA-3wwx-c927-c5wg: Vulnerability in the BI Publisher (formerly XML Publisher) component of Oracle Fusion Middleware (subcomponent: BI Publisher Security)↗2022-05-24
CVEList▶
CVE-2019-2588: Vulnerability in the BI Publisher (formerly XML Publisher) component of Oracle Fusion Middleware (subcomponent: BI Publisher Security)↗2019-04-23
💥Exploits & PoCs
2Exploit-DB
▶
Nuclei▶
Oracle Business Intelligence - Path Traversal