HTTP: Oracle Business Intelligence Publisher XDO XML External Entity Injection

This signature detects attempts to exploit a known vulnerability against Oracle Business Intelligence Publisher Enterprise. A successful attack can lead to sensitive information disclosure.

Extended Description

Vulnerability in the Oracle BI Publisher product of Oracle Fusion Middleware (component: E-Business Suite - XDO). Supported versions that are affected are 5.5.0.0.0, 11.1.1.9.0, 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle BI Publisher. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle BI Publisher accessible data. CVSS 3.1 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N).

Affected Products

Oracle bi_publisher

Short Name
HTTP:ORACLE:BIP-XDO-XXE
Severity
Minor
Recommended
False
Recommended Action
None
Category
HTTP
Keywords
Business CVE-2021-2400 CVE-2021-2401 Entity External Injection Intelligence Oracle Publisher XDO XML
Release Date
08/20/2021
Supported Platforms

srx-branch-12.3

srx-19.3

srx-branch-19.3

vsrx3bsd-19.2

srx-branch-19.4

vsrx-19.4

mx-12.3

mx-19.4

vmx-19.4

mx-19.3

vsrx3bsd-19.4

srx-19.4

vsrx-12.3

vmx-19.3

vsrx-19.2

srx-12.3

Sigpack Version
3590
False Positive
Rarely
Vendors

Oracle

CVSS Score

5.0

Found a potential security threat?