Unauthorized Access Vulnerability in Oracle Business Intelligence Enterprise Edition
CVE-2020-14609
8.6 HIGH
Key Information:
- Vendor: Oracle
- CVE Published: 15 July 2020
Summary
An improper access control vulnerability in Oracle Business Intelligence Enterprise Edition can be exploited by an unauthenticated attacker with network access via HTTP. In affected versions, a remote attacker can obtain unauthorized access to sensitive data, perform unauthorized updates, inserts, or deletions of data, and potentially cause a partial denial of service. Organizations running these versions should take immediate action to secure their environments and patch vulnerable deployments.
Affected Version(s)
Oracle Business Intelligence Enterprise Edition 5.5.0.0.0
Oracle Business Intelligence Enterprise Edition 11.1.1.9.0
Oracle Business Intelligence Enterprise Edition 12.2.1.3.0
CVSS V3.1
- Score: 8.6
- Severity: HIGH
- Confidentiality: High
- Integrity: Low
- Availability: High
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: None
- Scope: Unchanged
Timeline
Vulnerability published
Vulnerability Reserved