Oracle BI Publisher 11.1.1.9.0/12.2.1.3.0/12.2.1.4.0 BI Publisher Security Local Privilege Escalation

Summaryinfo

A vulnerability has been found in Oracle BI Publisher 11.1.1.9.0/12.2.1.3.0/12.2.1.4.0 and classified as critical. Affected is an unknown function of the component BI Publisher Security. Performing a manipulation results in an unknown weakness. This vulnerability is known as CVE-2019-2601. Remote exploitation of the attack is possible. No exploit is available. The affected component should be upgraded.

Detailsinfo

A vulnerability classified as critical has been found in Oracle BI Publisher 11.1.1.9.0/12.2.1.3.0/12.2.1.4.0 (Reporting Software). This affects an unknown part of the component BI Publisher Security. This is going to have an impact on confidentiality, and integrity.

The weakness was published 04/16/2019 as Oracle Critical Patch Update Advisory - April 2019 as confirmed advisory (Website). The advisory is shared at oracle.com. This vulnerability is uniquely identified as CVE-2019-2601. It demands that the victim is doing some kind of user interaction. Neither technical details nor an exploit are publicly available.

Upgrading eliminates this vulnerability. A possible mitigation has been published immediately after the disclosure of the vulnerability.

Similar entries are available at VDB-133580, VDB-133572, VDB-133573 and VDB-133574. If you want to get the best quality for vulnerability data then you always have to consider VulDB.

Productinfo

Type

• Reporting Software

Vendor

• Oracle

Name

• BI Publisher

Version

• 11.1.1.9.0
• 12.2.1.3.0
• 12.2.1.4.0

License

• commercial

Website

• Vendor: https://www.oracle.com

CPE 2.3info

• 🔍
• 🔍
• 🔍

CPE 2.2info

• 🔍
• 🔍
• 🔍

CVSSv4info

CVSSv3info

CVSSv2info

Exploitinginfo

Threat Intelligenceinfo

Countermeasuresinfo

Timelineinfo

Sourcesinfo

Entryinfo

If you want to get the best quality for vulnerability data then you always have to consider VulDB.

Discussion