CVE-2024-21083: 
Oracle Analytics Publisher vulnerability analysis and mitigation

Vulnerability in the Oracle BI Publisher product of Oracle Analytics (component: Script Engine). Supported versions that are affected are 7.0.0.0.0 and 12.2.1.4.0. This is an easily exploitable vulnerability that allows high privileged attackers with network access via HTTP to compromise Oracle BI Publisher. Successful attacks of this vulnerability can result in takeover of Oracle BI Publisher (Oracle CPU).

The vulnerability has been assigned a CVSS 3.1 Base Score of 7.2 (High) with Confidentiality, Integrity and Availability impacts. The CVSS Vector is (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H), indicating network-based attack vector, low attack complexity, requires high privileges, no user interaction, and affects confidentiality, integrity, and availability (NVD).

Successful exploitation of this vulnerability can result in complete takeover of Oracle BI Publisher, potentially compromising the confidentiality, integrity, and availability of the system. The high CVSS score indicates serious potential impact on the affected systems (Oracle CPU).

Oracle has released patches for this vulnerability as part of the April 2024 Critical Patch Update. Organizations running affected versions (7.0.0.0.0 and 12.2.1.4.0) should apply these security patches as soon as possible to protect against potential exploitation (Oracle CPU).