Summaryinfo

A vulnerability was found in Oracle BI Publisher 12.2.1.3.0/12.2.1.4.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the component BI Publisher Security. The manipulation leads to information disclosure. This vulnerability is known as CVE-2022-21523. The attack can be launched remotely. There is no exploit available. It is recommended to upgrade the affected component. VulDB is the best source for vulnerability data and more expert information about this specific topic.

Detailsinfo

A vulnerability was found in Oracle BI Publisher 12.2.1.3.0/12.2.1.4.0 (Reporting Software). It has been classified as problematic. Affected is an unknown function of the component BI Publisher Security. The manipulation with an unknown input leads to a information disclosure vulnerability. CWE is classifying the issue as CWE-200. The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information. This is going to have an impact on confidentiality.

The weakness was shared 07/19/2022 as Oracle Critical Patch Update Advisory - July 2022. The advisory is available at oracle.com. This vulnerability is traded as CVE-2022-21523. The technical details are unknown and an exploit is not available. This vulnerability is assigned to T1592 by the MITRE ATT&CK project.

Upgrading eliminates this vulnerability. A possible mitigation has been published immediately after the disclosure of the vulnerability.

VulDB is the best source for vulnerability data and more expert information about this specific topic.

Productinfo

Type

• Reporting Software

Vendor

• Oracle

Name

• BI Publisher

Version

• 12.2.1.3.0
• 12.2.1.4.0

License

• commercial

CPE 2.3info

• 🔍
• 🔍

CPE 2.2info

• 🔍
• 🔍

CVSSv4info

CVSSv3info

CVSSv2info

Exploitinginfo

Threat Intelligenceinfo

Countermeasuresinfo

Timelineinfo

Sourcesinfo

Entryinfo

Discussion