virus logo Intrusion Prevention

Oracle.BI.Publisher.CVE-2021-2401.XDO.XML.XXE

description-logoDescription

This indicates an attack attempt to exploit an External Entity Injection Vulnerability in Oracle Business Intelligence Enterprise Edition.
The vulnerability is due to insufficient handling of XML external entities in the XDO service. A remote, unauthenticated attacker could exploit this vulnerability by sending crafted requests to the target server. Successful exploitation could lead to the disclosure of file contents for any file readable by the target service.

affected-products-logoAffected Products

Oracle Business Intelligence Enterprise Edition 11.1.1.9.0
Oracle Business Intelligence Enterprise Edition 12.2.1.3.0
Oracle Business Intelligence Enterprise Edition 12.2.1.4.0
Oracle Business Intelligence Enterprise Edition 5.5.0.0.0

Impact logoImpact

Information Disclosure: Remote attackers can gain sensitive information from vulnerable systems.

recomended-action-logoRecommended Actions

Apply the most recent upgrade or patch from the vendor.
https://www.oracle.com/security-alerts/cpujul2021.html

Coverage

IPS (Regular DB)
IPS (Extended DB)

Version Updates

Date Version Status Detail
2021-09-08 18.155
Modified
 Default_action:pass:drop
2021-09-01 18.150
New
ID 50706
Created Aug 24, 2021
Updated Sep 08, 2021
CVE ID
Risk black-background-circle-icon black-background-circle-icon black-background-circle-icon lightgray-background-circle-icon lightgray-background-circle-icon
Exploit Prediction Score 2.96%
Default Action drop
Active
Affected OS All
Affected App Oracle
Profile Type Information Disclosure