Vulnerability in Oracle Business Intelligence Enterprise Edition Product, Oracle Analytics
CVE-2024-20904
5 MEDIUM
Key Information:
- Vendor: Oracle
- CVE Published: 16 January 2024
Summary
A vulnerability exists in Oracle Business Intelligence Enterprise Edition that allows a low-privileged attacker with network access via HTTP to gain unauthorized read access to sensitive data. The flaw is present in specific versions of Oracle Analytics and poses potential risks not only to the affected product but also to other interconnected systems. Because it is easy to exploit, it raises concerns about data confidentiality and is an important issue for organizations using Oracle's analytics solutions.
Affected Version(s)
Business Intelligence Enterprise Edition 6.4.0.0.0
Business Intelligence Enterprise Edition 12.2.1.4.0
References
CVSS V3.1
Score: 5
Severity: MEDIUM
Confidentiality: Low
Integrity: None
Availability: Low
Attack Vector: Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Changed
Timeline
Vulnerability published
Vulnerability Reserved