CVE-2021-2392: 
Oracle Analytics Publisher vulnerability analysis and mitigation

Vulnerability in the Oracle BI Publisher product of Oracle Fusion Middleware (component: BI Publisher Security) was discovered and disclosed in July 2021. The vulnerability affects versions 5.5.0.0.0, 11.1.1.9.0, 12.2.1.3.0, and 12.2.1.4.0. This easily exploitable vulnerability allows low privileged attackers with network access via HTTP to compromise Oracle BI Publisher (Oracle Advisory).

The vulnerability has been assigned a CVSS 3.1 Base Score of 8.8 (High) with the vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H, indicating network accessibility, low attack complexity, and requiring low privileges. The vulnerability impacts all three security aspects - Confidentiality, Integrity, and Availability (Oracle Advisory).

Successful exploitation of this vulnerability can result in complete takeover of Oracle BI Publisher. This means an attacker could potentially gain full control over the affected system, compromising the confidentiality, integrity, and availability of the application and its data (Oracle Advisory).

Oracle has released patches to address this vulnerability as part of the July 2021 Critical Patch Update. Organizations using affected versions of Oracle BI Publisher should apply these security patches as soon as possible to protect their systems (Oracle Advisory).