CVE-2019-2767
Published 2019-07-23
Priority: P2 (77) · High · CVSS 3.0 base score 7.2
CVSS vector: AV:N / AC:L / PR:N / UI:N / S:C / C:L / I:L / A:N
Tags: ITW · EXPLOIT · VulnCheck KEV
Exploited in the wild
EPSS: 5.24% (91.5th percentile)
Vulnerability in the BI Publisher (formerly XML Publisher) component of Oracle Fusion Middleware (subcomponent: BI Publisher Security). The supported versions that are affected are 11.1.1.9.0, 12.2.1.3.0 and 12.2.1.4.0. This easily exploitable vulnerability allows an unauthenticated attacker with network access via HTTP to compromise BI Publisher (formerly XML Publisher). While the vulnerability is in BI Publisher (formerly XML Publisher), attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of BI Publisher (formerly XML Publisher) accessible data as well as unauthorized read access to a subset of BI Publisher (formerly XML Publisher) accessible data. CVSS 3.0 Base Score 7.2 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N).
Affected (4 ranges)
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| oracle | bi_publisher | — | — |
| oracle_corporation | bi_publisher | — | — |
| oracle_corporation | bi_publisher | — | — |
| oracle_corporation | bi_publisher | — | — |
Detection & IOCs (extracted from sources)
URL: `/xmlpserver/convert?xml=%25sp%3b%25param1%3b]>&_xf=Excel&_xl=123&template=123`
- HTTP GET request to the /xmlpserver/convert endpoint with a URL-encoded XXE payload in the `xml` parameter, combined with the `_xf=Excel`, `_xl=123` and `template=123` query parameters; no authentication is required.
- Successful exploitation is confirmed via out-of-band HTTP interaction (OAST/interactsh); monitor for unexpected outbound HTTP callbacks originating from the BI Publisher server.
- The vulnerability is unauthenticated and exploitable over HTTP (no prior access or credentials needed); any unauthenticated request to /xmlpserver/convert carrying XML entity parameters should be treated as suspicious.
- Affected versions are strictly 11.1.1.9.0, 12.2.1.3.0 and 12.2.1.4.0; detection should be scoped to these versions of Oracle BI Publisher.
- The vulnerability resides in the BI Publisher Security subcomponent; attacks may have scope impact on additional products beyond BI Publisher itself.
CVSS provenance
| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | 3.0 | 7.2 | HIGH | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N |
| nvd | 2.0 | 6.4 | MEDIUM | AV:N/AC:L/Au:N/C:P/I:P/A:N |
| vulncheck | — | 7.2 | HIGH | — |
GHSA
GHSA-9m8g-jq9x-h3f8: Vulnerability in the BI Publisher (formerly XML Publisher) component of Oracle Fusion Middleware (subcomponent: BI Publisher Security)
ghsa_unreviewed · 2022-05-24 · CVE-2019-2767 [HIGH]
Vulnerability in the BI Publisher (formerly XML Publisher) component of Oracle Fusion Middleware (subcomponent: BI Publisher Security). The supported version that is affected is 11.1.1.9.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise BI Publisher (formerly XML Publisher). While the vulnerability is in BI Publisher (formerly XML Publisher), attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of BI Publisher (formerly XML Publisher) accessible data as well as unauthorized read access to a subset of BI Publisher (formerly XML Publisher) accessible data. CVSS 3.0 Base Score 7.2 (Confidentiality and Integrity impacts). CVSS…
VulnCheck
BI Publisher Component of Oracle Fusion Middleware Unauthorized Update, Insert or Delete Vulnerability
vulncheck · 2019 · CVSS 7.2 · CVE-2019-2767 [HIGH]
Vulnerability in the BI Publisher (formerly XML Publisher) component of Oracle Fusion Middleware (subcomponent: BI Publisher Security). The supported version that is affected are 11.1.1.9.0, 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise BI Publisher (formerly XML Publisher). While the vulnerability is in BI Publisher (formerly XML Publisher), attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of BI Publisher (formerly XML Publisher) accessible data as well as unauthorized read access to a su…
No detection rules found.
Nuclei
Oracle Business Intelligence Publisher - XML External Entity Injection
nuclei · CVSS 7.2 · CVE-2019-2767 [HIGH]
Oracle Business Intelligence Publisher is vulnerable to an XML external entity injection attack. The supported versions affected are 11.1.1.9.0, 12.2.1.3.0 and 12.2.1.4.0. This easily exploitable vulnerability allows unauthenticated attackers with network access via HTTP to compromise BI Publisher.
Template:
```yaml
id: CVE-2019-2767

info:
  name: Oracle Business Intelligence Publisher - XML External Entity Injection
  author: madrobot
  severity: high
  description: Oracle Business Intelligence Publisher is vulnerable to an XML external entity injection attack. The supported versions affected are 11.1.1.9.0, 12.2.1.3.0 and 12.2.1.4.0. This easily exploitable vulnerability allows unauthenticated attackers with network access via HTTP to compromise BI Publisher.
```
Unit42
Attackers Are Taking Advantage of the Open-Source Service Interactsh for Malicious Purposes
blogs_unit42 · 2021-10-14 · Threat Research Center · Threat Research · Cybercrime
Authors: Yue Guan, Jin Chen, Leo Olson, Wayne Xin, Daiping Liu
Published: October 14, 2021
Tags: Cybercrime, Threat Research, Attack analysis, Exploit, Exploit in the wild, Interactsh
## Executive Summary
Recently, Unit 42 has observed active exploits related to an open-source service called Interactsh. This tool can generate specific domain names to help its users test whether an exploit is successful. It can be used by researchers – but also by attackers – to validate vulnerabilities via real-time monitoring on the trace path for the domain. Researchers creating a proof of concept (PoC) for an exploit can insert Interactsh to check whether the PoC is working, but the service could also be used by attackers who want to be sure an exploit is working.
This blog will first introduce the Interactsh tool and how researchers or attackers can leverage it to perform vulnerability validation. We then describe some of the many exploits in the wild leveraging this tool, and we…