cnvd - cnvd-2022-52563

cnvd-2022-52563

Vulnerability from cnvd

Title

Oracle BI Publisher输入验证错误漏洞

Description

Oracle BI Publisher是美国甲骨文（Oracle）公司的一种报告解决方案，与传统报告工具相比，它可以更轻松、更快速地创作、管理和交付所有报告和文档。 Oracle BI Publisher存在输入验证错误漏洞，该漏洞源于 Oracle BI Publisher中的BI Publisher 安全组件中的输入验证错误。远程未经身份验证的攻击者可以利用该漏洞访问敏感信息。

Severity

中

Patch Name

Oracle BI Publisher输入验证错误漏洞的补丁

Patch Description

Formal description

目前厂商已发布升级补丁以修复漏洞，补丁获取链接： https://www.oracle.com/security-alerts/cpujan2022.html?3240

Reference

https://nvd.nist.gov/vuln/detail/CVE-2022-21346

Impacted products

Name
['Oracle Oracle BI Publisher 12.2.1.3.0', 'Oracle Oracle BI Publisher 12.2.1.4.0', 'Oracle Oracle BI Publisher 5.5.0.0.0']

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2022-21346",
      "cveUrl": "https://nvd.nist.gov/vuln/detail/CVE-2022-21346"
    }
  },
  "description": "Oracle BI Publisher\u662f\u7f8e\u56fd\u7532\u9aa8\u6587\uff08Oracle\uff09\u516c\u53f8\u7684\u4e00\u79cd\u62a5\u544a\u89e3\u51b3\u65b9\u6848\uff0c\u4e0e\u4f20\u7edf\u62a5\u544a\u5de5\u5177\u76f8\u6bd4\uff0c\u5b83\u53ef\u4ee5\u66f4\u8f7b\u677e\u3001\u66f4\u5feb\u901f\u5730\u521b\u4f5c\u3001\u7ba1\u7406\u548c\u4ea4\u4ed8\u6240\u6709\u62a5\u544a\u548c\u6587\u6863\u3002\n\nOracle BI Publisher\u5b58\u5728\u8f93\u5165\u9a8c\u8bc1\u9519\u8bef\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e Oracle BI Publisher\u4e2d\u7684BI Publisher \u5b89\u5168\u7ec4\u4ef6\u4e2d\u7684\u8f93\u5165\u9a8c\u8bc1\u9519\u8bef\u3002 \u8fdc\u7a0b\u672a\u7ecf\u8eab\u4efd\u9a8c\u8bc1\u7684\u653b\u51fb\u8005\u53ef\u4ee5\u5229\u7528\u8be5\u6f0f\u6d1e\u8bbf\u95ee\u654f\u611f\u4fe1\u606f\u3002",
  "formalWay": "\u76ee\u524d\u5382\u5546\u5df2\u53d1\u5e03\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u6f0f\u6d1e\uff0c\u8865\u4e01\u83b7\u53d6\u94fe\u63a5\uff1a\r\nhttps://www.oracle.com/security-alerts/cpujan2022.html?3240",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2022-52563",
  "openTime": "2022-07-20",
  "patchDescription": "Oracle BI Publisher\u662f\u7f8e\u56fd\u7532\u9aa8\u6587\uff08Oracle\uff09\u516c\u53f8\u7684\u4e00\u79cd\u62a5\u544a\u89e3\u51b3\u65b9\u6848\uff0c\u4e0e\u4f20\u7edf\u62a5\u544a\u5de5\u5177\u76f8\u6bd4\uff0c\u5b83\u53ef\u4ee5\u66f4\u8f7b\u677e\u3001\u66f4\u5feb\u901f\u5730\u521b\u4f5c\u3001\u7ba1\u7406\u548c\u4ea4\u4ed8\u6240\u6709\u62a5\u544a\u548c\u6587\u6863\u3002\r\n\r\nOracle BI Publisher\u5b58\u5728\u8f93\u5165\u9a8c\u8bc1\u9519\u8bef\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e Oracle BI Publisher\u4e2d\u7684BI Publisher \u5b89\u5168\u7ec4\u4ef6\u4e2d\u7684\u8f93\u5165\u9a8c\u8bc1\u9519\u8bef\u3002 \u8fdc\u7a0b\u672a\u7ecf\u8eab\u4efd\u9a8c\u8bc1\u7684\u653b\u51fb\u8005\u53ef\u4ee5\u5229\u7528\u8be5\u6f0f\u6d1e\u8bbf\u95ee\u654f\u611f\u4fe1\u606f\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Oracle BI Publisher\u8f93\u5165\u9a8c\u8bc1\u9519\u8bef\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": [
      "Oracle Oracle BI Publisher 12.2.1.3.0",
      "Oracle Oracle BI Publisher 12.2.1.4.0",
      "Oracle Oracle BI Publisher 5.5.0.0.0"
    ]
  },
  "referenceLink": "https://nvd.nist.gov/vuln/detail/CVE-2022-21346",
  "serverity": "\u4e2d",
  "submitTime": "2022-01-21",
  "title": "Oracle BI Publisher\u8f93\u5165\u9a8c\u8bc1\u9519\u8bef\u6f0f\u6d1e"
}

CVE-2022-21346 (GCVE-0-2022-21346)

Vulnerability from cvelistv5

Published

2022-01-19 11:25

Modified

2024-09-24 20:20

Severity ?

7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

CWE

Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle BI Publisher. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle BI Publisher accessible data.

Summary

Vulnerability in the Oracle BI Publisher product of Oracle Fusion Middleware (component: BI Publisher Security). Supported versions that are affected are 5.5.0.0.0, 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle BI Publisher. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle BI Publisher accessible data. CVSS 3.1 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N).

References

URL

Tags

	https://www.oracle.com/security-alerts/cpujan2022.html	x_refsource_MISC
	https://www.zerodayinitiative.com/advisories/ZDI-22-123/	x_refsource_MISC