QID 375425

Oracle BI Publisher is a strategic enterprise reporting product from Oracle that provides the ability to create and manage highly formatted reports from a wide range of data sources.

CVE-2020-14880: Vulnerability in the BI Publisher product of Oracle Fusion Middleware (component: E-Business Suite - XDO). Supported versions that are affected are 5.5.0.0.0, 11.1.1.9.0, 12.2.1.3.0 and 12.2.1.4.0.
CVE-2020-14784: Vulnerability in the Oracle BI Publisher product of Oracle Fusion Middleware (component: Mobile Service). Supported versions that are affected are 11.1.1.9.0, 12.2.1.3.0 and 12.2.1.4.0
CVE-2020-14842: Vulnerability in the BI Publisher product of Oracle Fusion Middleware (component: BI Publisher Security)
CVE-2020-14780: Vulnerability in the BI Publisher product of Oracle Fusion Middleware (component: BI Publisher Security)
CVE-2020-14879: Vulnerability in the BI Publisher product of Oracle Fusion Middleware (component: E-Business Suite - XDO)
CVE-2019-11358: Vulnerability in the BI Publisher product of Oracle Fusion Middleware (component: BI Publisher Security (jQuery)).

Affected Version:
Oracle BI Publisher Versions 5.5.0.0.0, 11.1.1.9.0, 12.2.1.3.0, and 12.2.1.4.0

Detection Logic(Authenticated):
This QID will check the version detail from registry value. NOTE: Oracle BI Publisher version 5.5.0.0.0 is not supported in this QID.

Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all BI Publisher accessible data as well as unauthorized update, insert or delete access to some of BI Publisher accessible data.