⚠ Exploited in the wild
Exploitation observed in the wild. Not yet on CISA KEV.
CVE-2019-2767
5 documents5 sources
Severity
7.2HIGH
EPSS
49.9%
top 2.19%
CISA KEV
Not in KEV
Exploit
Exploited in wild
Active exploitation observed
Timeline
PublishedJul 23
Latest updateMay 24
Description
Vulnerability in the BI Publisher (formerly XML Publisher) component of Oracle Fusion Middleware (subcomponent: BI Publisher Security). The supported version that is affected are 11.1.1.9.0, 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise BI Publisher (formerly XML Publisher). While the vulnerability is in BI Publisher (formerly XML Publisher), attacks may significantly impact additional products. Successful a…
CVSS vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:NExploitability: 3.9 | Impact: 2.7
Affected Packages2 packages
▶CVEListV5oracle_corporation/bi_publisher_(formerly_xml_publisher)11.1.1.9.0, 12.2.1.3.0, 12.2.1.4.0+2
Patches
🔴Vulnerability Details
3GHSA▶
GHSA-9m8g-jq9x-h3f8: Vulnerability in the BI Publisher (formerly XML Publisher) component of Oracle Fusion Middleware (subcomponent: BI Publisher Security)↗2022-05-24
CVEList▶
CVE-2019-2767: Vulnerability in the BI Publisher (formerly XML Publisher) component of Oracle Fusion Middleware (subcomponent: BI Publisher Security)↗2019-07-23
VulnCheck▶
BI Publisher Component of Oracle Fusion Middleware Unauthorized Update, Insert or Delete Vulnerability↗2019
💥Exploits & PoCs
1Nuclei▶
Oracle Business Intelligence Publisher - XML External Entity Injection