Exploitable Vulnerability in Oracle Business Intelligence's Analytics Server
CVE-2023-21952
5.7MEDIUM
Key Information:
- Vendor
- Oracle
- Vendor
- CVE Published:
- 18 April 2023
Summary
A vulnerability exists within Oracle Business Intelligence Enterprise Edition's Analytics Server that permits a low-privileged attacker with network access via HTTP to gain unauthorized access to sensitive data. This vulnerability requires interaction from an individual other than the attacker for successful exploitation. Successful attacks could potentially lead to full access to all data accessible within Oracle Business Intelligence Enterprise Edition, thereby posing a serious risk to data confidentiality.
Affected Version(s)
Business Intelligence Enterprise Edition 6.4.0.0.0
References
CVSS V3.1
Score:
5.7
Severity:
MEDIUM
Confidentiality:
High
Integrity:
None
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
Required
Scope:
Unchanged
Timeline
Vulnerability published
Vulnerability Reserved