Unauthenticated Network Exploit in Oracle Business Intelligence Enterprise Edition by Oracle
CVE-2020-2537

7.1HIGH

Key Information:

Vendor: Oracle
Status: Oracle Business Intelligence Enterprise Edition
Vendor: CVE Published:; 15 January 2020

What is CVE-2020-2537?

An unauthenticated vulnerability in Oracle Business Intelligence Enterprise Edition allows a network-based attacker to exploit the system via HTTP. This exploit requires human interaction from a third party and can lead to unauthorized access, including the ability to update, insert, or delete data. Additionally, it poses a risk of unauthorized data reading and the potential for a partial denial of service (DoS). The issue primarily affects Oracle Business Intelligence Enterprise Edition but can also impact related products.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

Oracle Business Intelligence Enterprise Edition 12.2.1.3.0

Oracle Business Intelligence Enterprise Edition 12.2.1.4.0

References

https://www.oracle.com/security-alerts/cpujan2020.html

x_refsource_MISC

CVSS V3.1

Score:

7.1

Severity:

HIGH

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Jan 15, 2020
Vulnerability Reserved
Dec 10, 2019

JSON

Oracle