Unauthenticated Access Vulnerability in Oracle Business Intelligence Enterprise Edition
CVE-2022-21421

7.5HIGH

Key Information:

Vendor: Oracle
Status: Business Intelligence Enterprise Edition
Vendor: CVE Published:; 19 April 2022

Summary

A significant vulnerability exists in Oracle Business Intelligence Enterprise Edition that allows unauthenticated attackers with network access via HTTP to gain unauthorized access to sensitive data. Attackers can exploit this weakness to retrieve critical information without needing valid credentials. This poses a serious risk, as successful exploitation can lead to complete access to all accessible data within the Oracle Business Intelligence ecosystem. Organizations utilizing the affected versions should prioritize patching and implementing security measures to mitigate these risks.

Affected Version(s)

Business Intelligence Enterprise Edition 5.5.0.0.0

Business Intelligence Enterprise Edition 5.9.0.0.0

Business Intelligence Enterprise Edition 12.2.1.3.0

References

https://www.oracle.com/security-alerts/cpuapr2022.html

x_refsource_MISC

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Apr 19, 2022
Vulnerability Reserved
Nov 15, 2021