Skip to main content

Bi Publisher

32 CVEs product

Monthly

CVE-2025-30724 HIGH PATCH This Week

Vulnerability in the Oracle BI Publisher product of Oracle Analytics (component: XML Services). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Oracle Authentication Bypass Bi Publisher
NVD
CVSS 3.1
7.5
EPSS
0.4%
CVE-2025-30723 MEDIUM This Month

Vulnerability in the Oracle BI Publisher product of Oracle Analytics (component: XML Services). Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Oracle Denial Of Service Bi Publisher
NVD
CVSS 3.1
5.4
EPSS
0.3%
CVE-2024-21254 HIGH This Week

Vulnerability in the Oracle BI Publisher product of Oracle Analytics (component: Web Server). Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Oracle Bi Publisher
NVD
CVSS 3.1
8.8
EPSS
0.5%
CVE-2024-21195 HIGH This Week

Vulnerability in the Oracle BI Publisher product of Oracle Analytics (component: Layout Templates). Rated high severity (CVSS 7.6), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Denial Of Service Oracle Bi Publisher
NVD
CVSS 3.1
7.6
EPSS
0.4%
CVE-2024-21084 MEDIUM This Month

Vulnerability in the Oracle BI Publisher product of Oracle Analytics (component: Service Gateway). Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Oracle Bi Publisher
NVD
CVSS 3.1
5.8
EPSS
0.4%
CVE-2024-21083 HIGH This Week

Vulnerability in the Oracle BI Publisher product of Oracle Analytics (component: Script Engine). Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Oracle Bi Publisher
NVD
CVSS 3.1
7.2
EPSS
0.7%
CVE-2024-21082 CRITICAL Act Now

Vulnerability in the Oracle BI Publisher product of Oracle Analytics (component: XML Services). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XXE Oracle Bi Publisher
NVD
CVSS 3.1
9.8
EPSS
0.8%
CVE-2024-20987 MEDIUM PATCH This Month

Vulnerability in the Oracle BI Publisher product of Oracle Analytics (component: Web Server). Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity.

Authentication Bypass Oracle Bi Publisher
NVD
CVSS 3.1
5.4
EPSS
0.3%
CVE-2024-20979 MEDIUM PATCH This Month

Vulnerability in the Oracle BI Publisher product of Oracle Analytics (component: Web Server). Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity.

Authentication Bypass Oracle Bi Publisher
NVD
CVSS 3.1
5.4
EPSS
0.3%
CVE-2023-22105 MEDIUM PATCH This Month

Vulnerability in the BI Publisher product of Oracle Analytics (component: Web Server). Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity.

Oracle Authentication Bypass Bi Publisher
NVD
CVSS 3.1
5.4
EPSS
0.3%
CVE-2023-21970 MEDIUM This Month

Vulnerability in the Oracle BI Publisher product of Oracle Analytics (component: Security). Rated medium severity (CVSS 5.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Oracle Authentication Bypass Bi Publisher
NVD
CVSS 3.1
5.7
EPSS
0.6%
CVE-2023-21941 MEDIUM This Month

Vulnerability in the Oracle BI Publisher product of Oracle Analytics (component: Web Server). Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Oracle Authentication Bypass Bi Publisher
NVD
CVSS 3.1
4.3
EPSS
0.5%
CVE-2023-21846 HIGH PATCH This Week

Vulnerability in the Oracle BI Publisher product of Oracle Fusion Middleware (component: Security). Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

Oracle Authentication Bypass Bi Publisher
NVD
CVSS 3.1
8.8
EPSS
0.6%
CVE-2023-21832 HIGH PATCH This Week

Vulnerability in the Oracle BI Publisher product of Oracle Fusion Middleware (component: Security). Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

Oracle Authentication Bypass Bi Publisher
NVD
CVSS 3.1
8.8
EPSS
0.6%
CVE-2022-21590 HIGH PATCH This Week

Vulnerability in the Oracle BI Publisher product of Oracle Fusion Middleware (component: Core Formatting API). Rated high severity (CVSS 7.6), this vulnerability is remotely exploitable, low attack complexity.

Authentication Bypass Oracle Denial Of Service Bi Publisher
NVD
CVSS 3.1
7.6
EPSS
0.6%
CVE-2021-2401 MEDIUM This Month

Vulnerability in the Oracle BI Publisher product of Oracle Fusion Middleware (component: E-Business Suite - XDO). Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Oracle XXE Bi Publisher
NVD
CVSS 3.1
5.3
EPSS
84.8%
CVE-2021-2400 HIGH This Week

Vulnerability in the Oracle BI Publisher product of Oracle Fusion Middleware (component: E-Business Suite - XDO). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Oracle Authentication Bypass Bi Publisher
NVD
CVSS 3.1
7.5
EPSS
83.3%
CVE-2021-2396 HIGH This Week

Vulnerability in the Oracle BI Publisher product of Oracle Fusion Middleware (component: E-Business Suite - XDO). Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Oracle Information Disclosure Bi Publisher
NVD
CVSS 3.1
8.8
EPSS
35.7%
CVE-2021-2392 HIGH This Week

Vulnerability in the Oracle BI Publisher product of Oracle Fusion Middleware (component: BI Publisher Security). Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Oracle Information Disclosure Bi Publisher
NVD
CVSS 3.1
8.8
EPSS
3.1%
CVE-2021-2391 HIGH This Week

Vulnerability in the Oracle BI Publisher product of Oracle Fusion Middleware (component: Scheduler). Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Oracle Information Disclosure Bi Publisher
NVD
CVSS 3.1
8.8
EPSS
34.7%
CVE-2021-21346 Maven CRITICAL POC PATCH THREAT Act Now

XStream is a Java library to serialize objects to XML and back again. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

RCE File Upload Java Oncommand Insight Activemq +14
NVD GitHub
CVSS 3.1
9.8
EPSS
76.4%
CVE-2020-14585 HIGH PATCH This Week

Vulnerability in the Oracle BI Publisher product of Oracle Fusion Middleware (component: Mobile Service). Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Oracle Authentication Bypass Bi Publisher
NVD
CVSS 3.1
8.2
EPSS
1.4%
CVE-2020-14584 HIGH PATCH This Week

Vulnerability in the Oracle BI Publisher product of Oracle Fusion Middleware (component: BI Publisher Security). Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Oracle Authentication Bypass Bi Publisher
NVD
CVSS 3.1
8.2
EPSS
1.4%
CVE-2020-14571 HIGH PATCH This Week

Vulnerability in the Oracle BI Publisher product of Oracle Fusion Middleware (component: Mobile Service). Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Oracle Authentication Bypass Bi Publisher
NVD
CVSS 3.1
7.2
EPSS
1.2%
CVE-2020-14570 HIGH PATCH This Week

Vulnerability in the Oracle BI Publisher product of Oracle Fusion Middleware (component: Mobile Service). Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Oracle Authentication Bypass Bi Publisher
NVD
CVSS 3.1
7.1
EPSS
1.4%
CVE-2019-10219 Maven MEDIUM POC PATCH This Month

A vulnerability was found in Hibernate-Validator. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Hibernate Validator Fuse Jboss Data Grid Jboss Enterprise Application Platform +184
NVD GitHub
CVSS 3.1
6.1
EPSS
2.2%
CVE-2019-2898 MEDIUM PATCH This Month

Vulnerability in the BI Publisher (formerly XML Publisher) product of Oracle Fusion Middleware (component: BI Publisher Security). Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity.

Authentication Bypass Oracle Bi Publisher
NVD
CVSS 3.1
4.3
EPSS
1.0%
CVE-2019-2771 HIGH PATCH This Week

Vulnerability in the BI Publisher (formerly XML Publisher) component of Oracle Fusion Middleware (subcomponent: BI Publisher Security). Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service Oracle Bi Publisher
NVD
CVSS 3.0
8.2
EPSS
1.0%
CVE-2019-2768 HIGH PATCH This Week

Vulnerability in the BI Publisher (formerly XML Publisher) component of Oracle Fusion Middleware (subcomponent: BI Publisher Security). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass Oracle Bi Publisher
NVD
CVSS 3.0
7.5
EPSS
1.8%
CVE-2019-2767 HIGH POC PATCH This Week

Vulnerability in the BI Publisher (formerly XML Publisher) component of Oracle Fusion Middleware (subcomponent: BI Publisher Security). Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass Oracle Bi Publisher
NVD
CVSS 3.0
7.2
EPSS
5.2%
CVE-2019-11358 LIB MEDIUM POC PATCH THREAT This Month

{}, ...) because of Object.prototype pollution. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Prototype Pollution Information Disclosure Jquery Debian Linux Drupal +102
NVD GitHub Exploit-DB
CVSS 3.1
6.1
EPSS
87.2%
CVE-2017-5645 Maven CRITICAL POC PATCH THREAT Act Now

In Apache Log4j 2.x before 2.8.2, when using the TCP socket server or UDP socket server to receive serialized log events from another application, a specially crafted binary payload can be sent that,. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 94.0%.

Deserialization Apache RCE Log4J Oncommand Api Services +77
NVD
CVSS 3.1
9.8
EPSS
94.0%
Threat
6.3
EPSS 0% CVSS 7.5
HIGH PATCH This Week

Vulnerability in the Oracle BI Publisher product of Oracle Analytics (component: XML Services). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Oracle Authentication Bypass +1
NVD
EPSS 0% CVSS 5.4
MEDIUM This Month

Vulnerability in the Oracle BI Publisher product of Oracle Analytics (component: XML Services). Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Oracle Denial Of Service Bi Publisher
NVD
EPSS 1% CVSS 8.8
HIGH This Week

Vulnerability in the Oracle BI Publisher product of Oracle Analytics (component: Web Server). Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Oracle Bi Publisher
NVD
EPSS 0% CVSS 7.6
HIGH This Week

Vulnerability in the Oracle BI Publisher product of Oracle Analytics (component: Layout Templates). Rated high severity (CVSS 7.6), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Denial Of Service Oracle +1
NVD
EPSS 0% CVSS 5.8
MEDIUM This Month

Vulnerability in the Oracle BI Publisher product of Oracle Analytics (component: Service Gateway). Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Oracle Bi Publisher
NVD
EPSS 1% CVSS 7.2
HIGH This Week

Vulnerability in the Oracle BI Publisher product of Oracle Analytics (component: Script Engine). Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Oracle Bi Publisher
NVD
EPSS 1% CVSS 9.8
CRITICAL Act Now

Vulnerability in the Oracle BI Publisher product of Oracle Analytics (component: XML Services). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XXE Oracle Bi Publisher
NVD
EPSS 0% CVSS 5.4
MEDIUM PATCH This Month

Vulnerability in the Oracle BI Publisher product of Oracle Analytics (component: Web Server). Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity.

Authentication Bypass Oracle Bi Publisher
NVD
EPSS 0% CVSS 5.4
MEDIUM PATCH This Month

Vulnerability in the Oracle BI Publisher product of Oracle Analytics (component: Web Server). Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity.

Authentication Bypass Oracle Bi Publisher
NVD
EPSS 0% CVSS 5.4
MEDIUM PATCH This Month

Vulnerability in the BI Publisher product of Oracle Analytics (component: Web Server). Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity.

Oracle Authentication Bypass Bi Publisher
NVD
EPSS 1% CVSS 5.7
MEDIUM This Month

Vulnerability in the Oracle BI Publisher product of Oracle Analytics (component: Security). Rated medium severity (CVSS 5.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Oracle Authentication Bypass Bi Publisher
NVD
EPSS 0% CVSS 4.3
MEDIUM This Month

Vulnerability in the Oracle BI Publisher product of Oracle Analytics (component: Web Server). Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Oracle Authentication Bypass Bi Publisher
NVD
EPSS 1% CVSS 8.8
HIGH PATCH This Week

Vulnerability in the Oracle BI Publisher product of Oracle Fusion Middleware (component: Security). Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

Oracle Authentication Bypass Bi Publisher
NVD
EPSS 1% CVSS 8.8
HIGH PATCH This Week

Vulnerability in the Oracle BI Publisher product of Oracle Fusion Middleware (component: Security). Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

Oracle Authentication Bypass Bi Publisher
NVD
EPSS 1% CVSS 7.6
HIGH PATCH This Week

Vulnerability in the Oracle BI Publisher product of Oracle Fusion Middleware (component: Core Formatting API). Rated high severity (CVSS 7.6), this vulnerability is remotely exploitable, low attack complexity.

Authentication Bypass Oracle Denial Of Service +1
NVD
EPSS 85% CVSS 5.3
MEDIUM This Month

Vulnerability in the Oracle BI Publisher product of Oracle Fusion Middleware (component: E-Business Suite - XDO). Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Oracle XXE Bi Publisher
NVD
EPSS 83% CVSS 7.5
HIGH This Week

Vulnerability in the Oracle BI Publisher product of Oracle Fusion Middleware (component: E-Business Suite - XDO). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Oracle Authentication Bypass Bi Publisher
NVD
EPSS 36% CVSS 8.8
HIGH This Week

Vulnerability in the Oracle BI Publisher product of Oracle Fusion Middleware (component: E-Business Suite - XDO). Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Oracle Information Disclosure Bi Publisher
NVD
EPSS 3% CVSS 8.8
HIGH This Week

Vulnerability in the Oracle BI Publisher product of Oracle Fusion Middleware (component: BI Publisher Security). Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Oracle Information Disclosure Bi Publisher
NVD
EPSS 35% CVSS 8.8
HIGH This Week

Vulnerability in the Oracle BI Publisher product of Oracle Fusion Middleware (component: Scheduler). Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Oracle Information Disclosure Bi Publisher
NVD
EPSS 76% CVSS 9.8
CRITICAL POC PATCH THREAT Act Now

XStream is a Java library to serialize objects to XML and back again. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

RCE File Upload Java +16
NVD GitHub
EPSS 1% CVSS 8.2
HIGH PATCH This Week

Vulnerability in the Oracle BI Publisher product of Oracle Fusion Middleware (component: Mobile Service). Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Oracle Authentication Bypass +1
NVD
EPSS 1% CVSS 8.2
HIGH PATCH This Week

Vulnerability in the Oracle BI Publisher product of Oracle Fusion Middleware (component: BI Publisher Security). Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Oracle Authentication Bypass +1
NVD
EPSS 1% CVSS 7.2
HIGH PATCH This Week

Vulnerability in the Oracle BI Publisher product of Oracle Fusion Middleware (component: Mobile Service). Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Oracle Authentication Bypass Bi Publisher
NVD
EPSS 1% CVSS 7.1
HIGH PATCH This Week

Vulnerability in the Oracle BI Publisher product of Oracle Fusion Middleware (component: Mobile Service). Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Oracle Authentication Bypass Bi Publisher
NVD
EPSS 2% CVSS 6.1
MEDIUM POC PATCH This Month

A vulnerability was found in Hibernate-Validator. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Hibernate Validator Fuse +186
NVD GitHub
EPSS 1% CVSS 4.3
MEDIUM PATCH This Month

Vulnerability in the BI Publisher (formerly XML Publisher) product of Oracle Fusion Middleware (component: BI Publisher Security). Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity.

Authentication Bypass Oracle Bi Publisher
NVD
EPSS 1% CVSS 8.2
HIGH PATCH This Week

Vulnerability in the BI Publisher (formerly XML Publisher) component of Oracle Fusion Middleware (subcomponent: BI Publisher Security). Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service Oracle Bi Publisher
NVD
EPSS 2% CVSS 7.5
HIGH PATCH This Week

Vulnerability in the BI Publisher (formerly XML Publisher) component of Oracle Fusion Middleware (subcomponent: BI Publisher Security). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass Oracle Bi Publisher
NVD
EPSS 5% CVSS 7.2
HIGH POC PATCH This Week

Vulnerability in the BI Publisher (formerly XML Publisher) component of Oracle Fusion Middleware (subcomponent: BI Publisher Security). Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass Oracle Bi Publisher
NVD
EPSS 87% CVSS 6.1
MEDIUM POC PATCH THREAT This Month

{}, ...) because of Object.prototype pollution. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Prototype Pollution Information Disclosure Jquery +104
NVD GitHub Exploit-DB
EPSS 94% 6.3 CVSS 9.8
CRITICAL POC PATCH THREAT Act Now

In Apache Log4j 2.x before 2.8.2, when using the TCP socket server or UDP socket server to receive serialized log events from another application, a specially crafted binary payload can be sent that,. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 94.0%.

Deserialization Apache RCE +79
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy