Vulnerability in Oracle Business Intelligence Enterprise Edition's Visual Analyzer Component
CVE-2023-22061

5.4MEDIUM

Key Information:

Vendor: Oracle
Status: Business Intelligence Enterprise Edition
Vendor: CVE Published:; 18 July 2023

Summary

Oracle Business Intelligence Enterprise Edition's Visual Analyzer component has a vulnerability that permits low-privileged attackers with network access to compromise the system. Successfully exploiting this vulnerability requires user interaction from a person other than the attacker. A successful exploit may lead to unauthorized access for reading, updating, inserting, or deleting sensitive data, thereby impacting not only the Oracle Business Intelligence Enterprise Edition but also potentially extending to additional products. Users should prioritize applying available patches to mitigate the risks associated with this exposure.

Affected Version(s)

Business Intelligence Enterprise Edition 6.4.0.0.0

References

https://www.oracle.com/security-alerts/cpujul2023.html

vendor-advisory

CVSS V3.1

Score:

5.4

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Jul 18, 2023
Vulnerability Reserved
Dec 17, 2022