Oracle BI Publisher vulnerabilities

36 known vulnerabilities affecting oracle/bi_publisher.

Total CVEs: 36
CISA KEV: 0
Public exploits: 3
Exploited in wild: 2
Severity breakdown: CRITICAL 3, HIGH 20, MEDIUM 13

Vulnerabilities

Page 1 of 2
CVE-2025-61754 | MEDIUM | CVSS 6.5 | CWE-267 | v7.6.0.0.0, v8.2.0.0.0 | 2025-10-21
Vulnerability in the Oracle BI Publisher product of Oracle Analytics (component: Web Service API). Supported versions that are affected are 7.6.0.0.0 and 8.2.0.0.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle BI Publisher. Successful attacks of this vulnerability can result in unaut
nvd
CVE-2025-50060 | HIGH | CVSS 8.1 | CWE-284 | v7.6.0.0.0, v8.2.0.0.0, +1 more | 2025-07-15
Vulnerability in the Oracle BI Publisher product of Oracle Analytics (component: Web Server). Supported versions that are affected are 7.6.0.0.0, 8.2.0.0.0 and 12.2.1.4.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle BI Publisher. Successful attacks of this vulnerability can result i
nvd
CVE-2025-30724 | HIGH | CVSS 7.5 | CWE-200 | v7.6.0.0.0, v12.2.1.4.0 | 2025-04-15
Vulnerability in the Oracle BI Publisher product of Oracle Analytics (component: XML Services). Supported versions that are affected are 7.6.0.0.0 and 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle BI Publisher. Successful attacks of this vulnerability can result in unauth
nvd
CVE-2025-30723 | MEDIUM | CVSS 5.4 | v7.6.0.0.0, v12.2.1.4.0 | 2025-04-15
Vulnerability in the Oracle BI Publisher product of Oracle Analytics (component: XML Services). Supported versions that are affected are 7.6.0.0.0 and 12.2.1.4.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle BI Publisher. Successful attacks of this vulnerability can result in unauthorized
nvd
CVE-2024-21254 | HIGH | CVSS 8.8 | CWE-862 | v7.0.0.0.0, v7.6.0.0.0, +1 more | 2024-10-15
Vulnerability in the Oracle BI Publisher product of Oracle Analytics (component: Web Server). Supported versions that are affected are 7.0.0.0.0, 7.6.0.0.0 and 12.2.1.4.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle BI Publisher. Successful attacks of this vulnerability can result i
nvd
CVE-2024-21195 | HIGH | CVSS 7.6 | CWE-284 | v7.0.0.0.0, v7.6.0.0.0, +1 more | 2024-10-15
Vulnerability in the Oracle BI Publisher product of Oracle Analytics (component: Layout Templates). Supported versions that are affected are 7.0.0.0.0, 7.6.0.0.0 and 12.2.1.4.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle BI Publisher. Successful attacks of this vulnerability can res
nvd
CVE-2024-21082 | CRITICAL | CVSS 9.8 | CWE-611 | v7.0.0.0.0, v12.2.1.4.0 | 2024-04-16
Vulnerability in the Oracle BI Publisher product of Oracle Analytics (component: XML Services). Supported versions that are affected are 7.0.0.0.0 and 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle BI Publisher. Successful attacks of this vulnerability can result in ta
nvd
CVE-2024-21083 | HIGH | CVSS 7.2 | CWE-863 | v7.0.0.0.0, v12.2.1.4.0 | 2024-04-16
Vulnerability in the Oracle BI Publisher product of Oracle Analytics (component: Script Engine). Supported versions that are affected are 7.0.0.0.0 and 12.2.1.4.0. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle BI Publisher. Successful attacks of this vulnerability can result in takeo
nvd
CVE-2024-21084 | MEDIUM | CVSS 5.8 | CWE-284 | v7.0.0.0.0, v12.2.1.4.0 | 2024-04-16
Vulnerability in the Oracle BI Publisher product of Oracle Analytics (component: Service Gateway). Supported versions that are affected are 7.0.0.0.0 and 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle BI Publisher. While the vulnerability is in Oracle BI Publisher, attacks
nvd
CVE-2024-20979 | MEDIUM | CVSS 5.4 | CWE-285 | v6.4.0.0.0, v7.0.0.0.0, +1 more | 2024-01-16
Vulnerability in the Oracle BI Publisher product of Oracle Analytics (component: Web Server). Supported versions that are affected are 6.4.0.0.0, 7.0.0.0.0 and 12.2.1.4.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle BI Publisher. Successful attacks require human interaction from a
nvd
CVE-2024-20987 | MEDIUM | CVSS 5.4 | v12.2.1.4.0 | 2024-01-16
Vulnerability in the Oracle BI Publisher product of Oracle Analytics (component: Web Server). The supported version that is affected is 12.2.1.4.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle BI Publisher. Successful attacks require human interaction from a person other than the attacker a
nvd
CVE-2023-22105 | MEDIUM | CVSS 5.4 | v6.4.0.0.0, v7.0.0.0.0 | 2023-10-17
Vulnerability in the BI Publisher product of Oracle Analytics (component: Web Server). Supported versions that are affected are 6.4.0.0.0 and 7.0.0.0.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise BI Publisher. Successful attacks require human interaction from a person other than the attacker an
nvd
CVE-2023-21970 | MEDIUM | CVSS 5.7 | v6.4.0.0.0 | 2023-04-18
Vulnerability in the Oracle BI Publisher product of Oracle Analytics (component: Security). The supported version that is affected is 6.4.0.0.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle BI Publisher. Successful attacks require human interaction from a person other than the attacker. Su
nvd
CVE-2023-21941 | MEDIUM | CVSS 4.3 | v6.4.0.0.0, v12.2.1.4.0 | 2023-04-18
Vulnerability in the Oracle BI Publisher product of Oracle Analytics (component: Web Server). Supported versions that are affected are 6.4.0.0.0 and 12.2.1.4.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle BI Publisher. Successful attacks of this vulnerability can result in unauthorized re
nvd
CVE-2023-21846 | HIGH | CVSS 8.8 | CWE-284 | v5.9.0.0.0, v6.4.0.0.0, +1 more | 2023-01-18
Vulnerability in the Oracle BI Publisher product of Oracle Fusion Middleware (component: Security). Supported versions that are affected are 5.9.0.0.0, 6.4.0.0.0 and 12.2.1.4.0. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise Oracle BI Publisher. Successful attacks of this vulnera
nvd
CVE-2023-21832 | HIGH | CVSS 8.8 | CWE-284 | v5.9.0.0.0, v6.4.0.0.0, +1 more | 2023-01-18
Vulnerability in the Oracle BI Publisher product of Oracle Fusion Middleware (component: Security). Supported versions that are affected are 5.9.0.0.0, 6.4.0.0.0 and 12.2.1.4.0. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise Oracle BI Publisher. Successful attacks of this vulnera
nvd
CVE-2022-21590 | HIGH | CVSS 7.6 | v5.9.0.0.0, v6.4.0.0.0, +2 more | 2022-10-18
Vulnerability in the Oracle BI Publisher product of Oracle Fusion Middleware (component: Core Formatting API). Supported versions that are affected are 5.9.0.0, 6.4.0.0.0, 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle BI Publisher. Successful attacks of this vulnera
nvd
CVE-2022-21523 | MEDIUM | CVSS 4.3 | v12.2.1.3.0, v12.2.1.4.0 | 2022-07-19
Vulnerability in the Oracle BI Publisher product of Oracle Fusion Middleware (component: BI Publisher Security). Supported versions that are affected are 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle BI Publisher. Successful attacks of this vulnerability can resul
nvd
CVE-2022-21346 | HIGH | CVSS 7.5 | v5.5.0.0.0, v12.2.1.3.0, +1 more | 2022-01-19
Vulnerability in the Oracle BI Publisher product of Oracle Fusion Middleware (component: BI Publisher Security). Supported versions that are affected are 5.5.0.0.0, 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle BI Publisher. Successful attacks of this vulnerability
nvd
CVE-2021-2392 | HIGH | CVSS 8.8 | v5.5.0.0.0, v11.1.1.9.0, +2 more | 2021-07-21
Vulnerability in the Oracle BI Publisher product of Oracle Fusion Middleware (component: BI Publisher Security). Supported versions that are affected are 5.5.0.0.0, 11.1.1.9.0, 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle BI Publisher. Successful attacks of this vuln
nvd