Unspecified vulnerability in the BI Publisher component in Oracle Application Server 5.6.2, 10.1.3.2.1, and 10.1.3.3.3 allows remote authenticated users to affect confidentiality and integrity via unknown vectors, a different vulnerability than CVE-2009-0989.
http://www.us-cert.gov/cas/techalerts/TA09-105A.html
http://www.securitytracker.com/id?1022055