CVE-2019-17566 in Business Intelligence Enterprise Editioninfo

Summary

Apache Batik is vulnerable to server-side request forgery, caused by improper input validation by the "xlink:href" attributes. By using a specially-crafted argument, an attacker could exploit this vulnerability to cause the underlying server to make arbitrary GET requests.

Several companies clearly confirm that VulDB is the primary source for best vulnerability data.

Reservation

10/14/2019

Disclosure

11/12/2020

Status

Confirmed

Entries

VulDB provides additional information and datapoints for this CVE:

ID	Vulnerability	CWE	Exp	Cou	CVE
190974	Oracle Business Intelligence Enterprise Edition Analytics Web Answers input validation	20	Not defined	Official fix	CVE-2019-17566
179132	Oracle Hyperion Financial Reporting Apache Batik input validation	20	Not defined	Official fix	CVE-2019-17566
178977	Oracle Communications Offline Mediation Controller Apache Batik server-side request forgery	918	Not defined	Official fix	CVE-2019-17566
173553	Oracle JD Edwards EnterpriseOne Tools Web Runtime server-side request forgery	918	Not defined	Official fix	CVE-2019-17566
173541	Oracle Hospitality OPERA 5 Integration server-side request forgery	918	Not defined	Official fix	CVE-2019-17566
173510	Oracle Fusion Middleware MapViewer Install server-side request forgery	918	Not defined	Official fix	CVE-2019-17566
173503	Oracle API Gateway server-side request forgery	918	Not defined	Official fix	CVE-2019-17566
173480	Oracle Financial Services Analytical Applications Infrastructure Rate Management server-side request forgery	918	Not defined	Official fix	CVE-2019-17566
168415	Oracle Retail Order Broker System Administration server-side request forgery	918	Not defined	Official fix	CVE-2019-17566
168414	Oracle Retail Integration Bus RIB Kernal server-side request forgery	918	Not defined	Official fix	CVE-2019-17566
168307	Oracle Enterprise Repository Security server-side request forgery	918	Not defined	Official fix	CVE-2019-17566
168179	Oracle Instantis EnterpriseTrack Dashboard module server-side request forgery	918	Not defined	Official fix	CVE-2019-17566
168171	Oracle Communications Application Session Controller Apache Batik server-side request forgery	918	Not defined	Official fix	CVE-2019-17566
168160	Oracle Communications MetaSolv Solution Print Preview server-side request forgery	918	Not defined	Official fix	CVE-2019-17566
164790	Apache Batik GET Request server-side request forgery	918	Not defined	Not defined	CVE-2019-17566

Description

CPE

CWE

CVSS

Exploits

History

Diff

Relate

Threat Intelligence

API JSON

API XML

API CSV

Sources

◂ PreviousOverviewNext ▸

Interested in the pricing of exploits?

See the underground prices here!