Vulnerability in Oracle Business Intelligence Enterprise Edition
CVE-2024-21139

5.4MEDIUM

Key Information:

Vendor: Oracle
Status: Business Intelligence Enterprise Edition
Vendor: CVE Published:; 16 July 2024

Summary

The vulnerability in Oracle Business Intelligence Enterprise Edition allows low privileged attackers with HTTP network access to compromise the system. Successful exploitation requires human interaction from an external user, making it particularly concerning for environments where data sensitivity is high. Affected versions include 7.0.0.0.0, 7.6.0.0.0, and 12.2.1.4.0, which could enable unauthorized actions such as data insertion, deletion, or updates, alongside unauthorized reading of critical data. Given the potential for significant impacts across multiple products, organizations using Oracle Business Intelligence are urged to prioritize patching and implementing necessary security measures. For further details, refer to the Oracle Advisory.

Affected Version(s)

Business Intelligence Enterprise Edition 7.0.0.0.0

Business Intelligence Enterprise Edition 7.6.0.0.0

Business Intelligence Enterprise Edition 12.2.1.4.0

References

https://www.oracle.com/security-alerts/cpujul2024.html

vendor-advisory

CVSS V3.1

Score:

5.4

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Jul 16, 2024