Oracle Business Intelligence Enterprise Edition Vulnerability in Analytics Web General
CVE-2023-21910

6.5MEDIUM

Key Information:

Vendor: Oracle
Status: Business Intelligence Enterprise Edition
Vendor: CVE Published:; 18 April 2023

What is CVE-2023-21910?

A vulnerability exists in the Oracle Business Intelligence Enterprise Edition's Analytics Web component that allows a low-privileged attacker with HTTP network access to manipulate system functionalities. This flaw could lead to unauthorized access to sensitive data, granting attackers potential control over all accessible information within the affected Oracle Business Intelligence versions 6.4.0.0.0 and 12.2.1.4.0. Users are encouraged to assess their exposure and apply necessary security measures to safeguard their data.

Affected Version(s)

Business Intelligence Enterprise Edition 6.4.0.0.0

Business Intelligence Enterprise Edition 12.2.1.4.0

References

https://www.oracle.com/security-alerts/cpuapr2023.html

vendor-advisory

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 18, 2023
Vulnerability Reserved
Dec 17, 2022