Unauthenticated Access Vulnerability in Oracle Fusion Middleware BI Platform Security
CVE-2020-2531

3.1 LOW

Key Information:

Vendor: Oracle
CVE Published: 15 January 2020

Summary

This vulnerability affects Oracle Business Intelligence Enterprise Edition, specifically within the BI Platform Security component of Oracle Fusion Middleware. An unauthenticated attacker with HTTP network access could exploit this vulnerability to gain unauthorized read access to certain data within the Oracle Business Intelligence system. Notably, successful exploitation requires human interaction from a different user, which can increase the complexity of an attack. The affected versions include 12.2.1.3.0 and 12.2.1.4.0, and organizations using these versions should take immediate steps to mitigate potential risks.

Affected Version(s)

Oracle Business Intelligence Enterprise Edition 12.2.1.3.0

Oracle Business Intelligence Enterprise Edition 12.2.1.4.0

CVSS V3.1

Score: 3.1
Severity: LOW
Confidentiality: Low
Integrity: None
Availability: Low
Attack Vector: Network
Attack Complexity: High
Privileges Required: None
User Interaction: Required
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved