Oracle Business Intelligence AuthBypass CVE-2019-2768

Description

XMLPService service of Oracle Business Intelligence has the authentication bypass vulnerability. Therefore, an attacker can interact with the server as an administrator and install additional plugins, which may lead to takeover of the server.

Remediation

Upgrade to the latest version of Oracle Business Intelligence. This issue was fixed in Oracle Critical Patch Update - July 2019

References

Oracle Critical Patch Update Advisory - July 2019

Related Vulnerabilities

Django Improper Input Validation Vulnerability (CVE-2023-31047)

Osclass Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2014-8083)

SharePoint Unrestricted Upload of File with Dangerous Type Vulnerability (CVE-2020-0920)

MySQL CVE-2022-21308 Vulnerability (CVE-2022-21308)

OpenSSL Improper Input Validation Vulnerability (CVE-2009-3245)

Severity

High

Classification

CVE-2019-2768 CWE-200 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N