Exploitable Vulnerability in Oracle Business Intelligence's Analytics Server
CVE-2023-21952

5.7MEDIUM

Key Information:

Vendor: Oracle
Status: Business Intelligence Enterprise Edition
Vendor: CVE Published:; 18 April 2023

What is CVE-2023-21952?

A vulnerability exists within Oracle Business Intelligence Enterprise Edition's Analytics Server that permits a low-privileged attacker with network access via HTTP to gain unauthorized access to sensitive data. This vulnerability requires interaction from an individual other than the attacker for successful exploitation. Successful attacks could potentially lead to full access to all data accessible within Oracle Business Intelligence Enterprise Edition, thereby posing a serious risk to data confidentiality.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

Business Intelligence Enterprise Edition 6.4.0.0.0

References

https://www.oracle.com/security-alerts/cpuapr2023.html

vendor-advisory

CVSS V3.1

Score:

5.7

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Apr 18, 2023
Vulnerability Reserved
Dec 17, 2022

JSON

Oracle