- Home
- CVEs with nessus.description==The version of Oracle Business Intelligence Publisher running on the
remote host is 11.1.1.7.x prior to 11.1.1.7.181016, 11.1.1.9.x prior
to 11.1.1.9.181016, 12.2.1.3.x prior to 12.2.1.3.181016, or
12.2.1.4.x prior to 12.2.1.4.181016. It is, therefore, affected by
multiple vulnerabilities as noted in the October 2018 Critical
Patch Update advisory:
- A deserialization vulnerability exists in Apache Log4j
2.x before 2.8.2. An unauthenticated, remote attacker
can exploit this, via a specially crafted binary, to
execute arbitrary code on the target host
(CVE-2017-5645).
- An information disclosure vulnerability exists in
Analytics Server, Oracle BI Publisher.Supported version
affected is 12.2.1.3.0 An unauthenticated, remote
attacker can exploit this, via HTTP, to disclose
potentially sensitive information. Successful attacks
require human interaction from a person other than the
attacker and while the vulnerability is in Oracle
Business Intelligence Enterprise Edition, attacks may
significantly impact additional products
(CVE-2018-3204).
- A deserialization vulnerability exists in Apache Batik
1.x before 1.10 due to subclass of `AbstractDocument`.
An unauthenticated, remote attacker can exploit this,
via deserializing subclass of `AbstractDocument`, to
execute arbitrary code on the target host
(CVE-2018-8013).
Note that Nessus has not tested for these issues but has instead
relied only on the application's self-reported version number.
Max CVSS | 0 |
Min CVSS | 0 |
Total Count | 2 |
| ID | CVSS | Summary | Last (major) update | Published |
Back to Top
Mark selected
Back to Top