Is CVE-2019-2588 known to be exploited?

16 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Vulnerability in Oracle Corporation Bi Publisher (Formerly Xml Publisher)

CVE-2019-2588

Vulnerability in the BI Publisher (formerly XML Publisher) component of Oracle Fusion Middleware (subcomponent: BI Publisher Security). Supported versions that are affected are 11.1.1.9.0, 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vuln…

EPSS: 0.859 (99.4th percentile) — read the EPSS interpretation.

Affected products

Oracle Corporation Bi Publisher (Formerly Xml Publisher) — versions 11.1.1.9.0, 12.2.1.3.0, 12.2.1.4.0

Public proof-of-concept exploits

20142995/nuclei-templates
ARPSyndicate/cvemon
ARPSyndicate/kenzer-templates
Elsfa7-110/kenzer-templates
StarCrossPortal/scalpel
anonymous364872/Rapier_
apif-review/APIF_
apit-review-account/apit-tool
d4n-sec/d4n-sec.github.io
lnick2023/nicenice

References

www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html (x_refsource_MISC)

Frequently asked questions

What is CVE-2019-2588?: CVE-2019-2588 is a vulnerability in Oracle Corporation Bi Publisher (Formerly Xml Publisher). Published 2019-04-23.
Is CVE-2019-2588 known to be exploited?: 16 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.