Vulnerability in Oracle Business Intelligence Enterprise Edition by Oracle
CVE-2022-21609

5.7MEDIUM

Key Information:

Vendor: Oracle
Status: Business Intelligence Enterprise Edition
Vendor: CVE Published:; 18 October 2022

Summary

A flaw in Oracle Business Intelligence Enterprise Edition allows low-privileged attackers with network access to exploit the vulnerability via HTTP. This security issue requires human interaction, enabling unauthorized access to sensitive information, potentially leading to significant data exposure. Users should remain vigilant and apply necessary patches or updates as outlined in Oracle's security advisories.

Affected Version(s)

Business Intelligence Enterprise Edition 5.9.0.0

References

https://www.oracle.com/security-alerts/cpuoct2022.html

CVSS V3.1

Score:

5.7

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Oct 18, 2022
Vulnerability Reserved
Nov 15, 2021