Security for everyone

CVE-2019-2767 Scanner

Detects 'XML External Entity (XXE)' vulnerability in Oracle Corporation BI Publisher (formerly XML Publisher) affects v. 11.1.1.9.0, 12.2.1.3.0 and 12.2.1.4.0.

SCAN NOW

Short Info


Level

High

Single Scan

Single Scan

Can be used by

Asset Owner

Estimated Time

15 sec

Scan only one

Domain, Ipv4

Toolbox

-

Oracle Corporation's BI Publisher (formerly XML Publisher) is a powerful tool used for creating and managing business intelligence documents, such as reports, invoices, and statements. It is commonly utilized by businesses and organizations around the world to manage and streamline their financial and operational processes. With the ability to integrate with various data sources and output formats, BI Publisher allows users to easily generate and distribute custom reports and documents according to their specific needs.

However, a recently discovered vulnerability, CVE-2019-2767, has been detected in BI Publisher that may compromise the security of sensitive business data. This vulnerability can be easily exploited by an unauthenticated attacker with network access via HTTP, allowing them to gain unauthorized access to BI Publisher's accessible data. The vulnerability affects versions 11.1.1.9.0, 12.2.1.3.0, and 12.2.1.4.0 of BI Publisher.

If exploited, the CVE-2019-2767 vulnerability can lead to unauthorized update, insert, or delete access to BI Publisher's accessible data, as well as unauthorized read access to a subset of its data. This means that sensitive financial and operational information may be compromised, leading to severe consequences for businesses and organizations that rely on BI Publisher for their reporting needs. The CVSS 3.0 Base Score for this vulnerability is 7.2, with impacts on confidentiality and integrity.

Thanks to the pro features of the securityforeveryone.com platform, businesses and organizations can easily stay informed of vulnerabilities in their digital assets. The platform provides comprehensive vulnerability scanning and threat intelligence services, allowing users to detect and mitigate security risks before they can cause serious harm. By taking advantage of this powerful tool, businesses and organizations can ensure the safety and security of their critical data.

 

REFERENCES

cyber security services for everyone one. Free security tools, continuous vulnerability scanning and many more.
Try it yourself,
control security posture