CVE-2019-2768
Vulnerability in the BI Publisher (formerly XML Publisher) component of Oracle Fusion Middleware (subcomponent: BI Publisher Security). The...
Basic Information
- CVE State
- PUBLISHED
- Reserved Date
- December 14, 2018
- Published Date
- July 23, 2019
- Last Updated
- October 15, 2024
- Vendor
- Oracle Corporation
- Product
- BI Publisher (formerly XML Publisher)
- Description
- Vulnerability in the BI Publisher (formerly XML Publisher) component of Oracle Fusion Middleware (subcomponent: BI Publisher Security). The supported version that is affected is 11.1.1.9.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise BI Publisher (formerly XML Publisher). Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all BI Publisher (formerly XML Publisher) accessible data. CVSS 3.0 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N).
CVSS Scores
CVSS v3.0
7.5 - HIGH
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
CVSS v2.0
5.0
Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N
EPSS Score
- Score
- 1.68% (Percentile: 81.42%) as of 2025-07-29
SSVC Information
- Exploitation
- none
- Automatable
- Yes
- Technical Impact
- partial
Exploit Status
- Exploited in the Wild
- Yes (2025-07-15 00:00:00 UTC) Source
Known Exploited Vulnerability Information
| Source | Added Date |
|---|---|
| The Shadowserver (via CIRCL) | 2025-07-16 12:00:20 UTC |
Timeline
-
CVE ID Reserved
-
CVE Published to Public
-
Added to KEVIntel