Latest oracle business intelligence Vulnerabilities

CVE-2024-20904
Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Analytics (component: Pod Admin). Supported versions that are affected are 6.4.0.0.0 and 12.2.1.4.0. Easily exp...
Oracle Business Intelligence=6.4.0.0.0
Oracle Business Intelligence=12.2.1.4.0
CVE-2023-22109
Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Analytics (component: Analytics Web Dashboards). Supported versions that are affected are 6.4.0.0.0, 7.0.0.0.0 a...
Oracle Business Intelligence=6.4.0.0.0
Oracle Business Intelligence=7.0.0.0.0
Oracle Business Intelligence=12.2.1.4.0
CVE-2023-22082
Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Analytics (component: Pod Admin). Supported versions that are affected are 6.4.0.0.0 and 7.0.0.0.0. Easily expl...
Oracle Business Intelligence=6.4.0.0.0
Oracle Business Intelligence=7.0.0.0.0
CVE-2023-22020
Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Analytics (component: Analytics Server). Supported versions that are affected are 6.4.0.0.0 and 7.0.0.0.0. Easi...
Oracle Business Intelligence=6.4.0.0.0
Oracle Business Intelligence=7.0.0.0.0
CVE-2023-22013
Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Analytics (component: Analytics Server). Supported versions that are affected are 6.4.0.0.0 and 7.0.0.0.0. Easi...
Oracle Business Intelligence=6.4.0.0.0
Oracle Business Intelligence=7.0.0.0.0
CVE-2023-22021
Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Analytics (component: Analytics Server). Supported versions that are affected are 6.4.0.0.0 and 7.0.0.0.0. Easi...
Oracle Business Intelligence=6.4.0.0.0
Oracle Business Intelligence=7.0.0.0.0
CVE-2023-22061
Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Analytics (component: Visual Analyzer). The supported version that is affected is 6.4.0.0.0. Easily exploitable...
Oracle Business Intelligence=6.4.0.0.0
CVE-2023-22012
Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Analytics (component: Analytics Server). The supported version that is affected is 7.0.0.0.0. Easily exploitabl...
Oracle Business Intelligence=7.0.0.0.0
CVE-2023-22027
Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Analytics (component: Analytics Server). The supported version that is affected is 7.0.0.0.0. Easily exploitabl...
Oracle Business Intelligence=7.0.0.0.0
CVE-2023-22011
Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Analytics (component: Analytics Server). Supported versions that are affected are 6.4.0.0.0 and 7.0.0.0.0. Easi...
Oracle Business Intelligence=6.4.0.0.0
Oracle Business Intelligence=7.0.0.0.0
CVE-2023-21965
Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Analytics (component: Analytics Server). The supported version that is affected is 6.4.0.0.0. Easily exploitabl...
Oracle Business Intelligence=6.4.0.0.0
CVE-2023-21952
Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Analytics (component: Analytics Server). The supported version that is affected is 6.4.0.0.0. Easily exploitabl...
Oracle Business Intelligence=6.4.0.0.0
CVE-2023-21910
Oracle Business Intelligence=6.4.0.0.0
Oracle Business Intelligence=12.2.1.4.0
CVE-2023-21892
Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Fusion Middleware (component: Visual Analyzer). Supported versions that are affected are 5.9.0.0.0 and 6.4.0.0....
Oracle Business Intelligence=5.9.0.0.0
Oracle Business Intelligence=6.4.0.0.0
CVE-2023-21891
Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Fusion Middleware (component: Visual Analyzer). Supported versions that are affected are 5.9.0.0.0 and 6.4.0.0....
Oracle Business Intelligence=5.9.0.0.0
Oracle Business Intelligence=6.4.0.0.0
CVE-2023-21861
Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Fusion Middleware (component: Visual Analyzer). Supported versions that are affected are 5.9.0.0.0 and 6.4.0.0....
Oracle Business Intelligence=5.9.0.0.0
Oracle Business Intelligence=6.4.0.0.0
CVE-2022-21609
Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Fusion Middleware (component: Analytics Server). The supported version that is affected is 5.9.0.0. Easily exploi...
Oracle Business Intelligence=5.9.0.0.0
CVE-2022-21492
Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Fusion Middleware (component: Analytics Server). The supported version that is affected is 5.9.0.0.0. Easily expl...
Oracle Business Intelligence=5.9.0.0.0
CVE-2022-21448
Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Fusion Middleware (component: Visual Analyzer). The supported version that is affected is 5.9.0.0.0. Easily explo...
Oracle Business Intelligence=5.9.0.0.0
CVE-2022-21419
Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Fusion Middleware (component: Visual Analyzer). Supported versions that are affected are 5.5.0.0.0 and 5.9.0.0.0....
Oracle Business Intelligence=5.5.0.0.0
Oracle Business Intelligence=5.9.0.0.0
CVE-2022-21421
Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Fusion Middleware (component: Analytics Web General). Supported versions that are affected are 5.5.0.0.0, 5.9.0.0...
Oracle Business Intelligence=5.5.0.0.0
Oracle Business Intelligence=5.9.0.0.0
Oracle Business Intelligence=12.2.1.3.0
Oracle Business Intelligence=12.2.1.4.0
CVE-2022-21346
Oracle Business Intelligence ReportTemplateService XML External Entity Processing Information Disclosure Vulnerability
Oracle Business Intelligence
Oracle BI Publisher=5.5.0.0.0
Oracle BI Publisher=12.2.1.3.0
Oracle BI Publisher=12.2.1.4.0
CVE-2022-23307
A deserialization flaw was found in Apache log4j 1.2.x. While reading serialized log events, they are improperly deserialized. Note this is the same as <a href="https://access.redhat.com/security/cve...
redhat/log4j<0:1.2.14-6.6.el6_10
redhat/log4j<0:1.2.17-18.el7_4
redhat/log4j<0:1.2.17-17.el7_3
redhat/log4j-eap6<0:1.2.17-3.redhat_00008.1.ep6.el6
redhat/log4j-jboss-logmanager<0:1.1.4-3.Final_redhat_00002.1.ep6.el6
redhat/jboss-as-appclient<0:7.5.24-2.Final_redhat_00001.1.ep6.el6
and 193 more
CVE-2022-23305
By design, the JDBCAppender in Log4j 1.2.x accepts an SQL statement as a configuration parameter where the values to be inserted are converters from PatternLayout. The message converter, %m, is likely...
redhat/log4j<0:1.2.14-6.6.el6_10
redhat/log4j<0:1.2.17-18.el7_4
redhat/log4j<0:1.2.17-17.el7_3
redhat/log4j-eap6<0:1.2.17-3.redhat_00008.1.ep6.el6
redhat/log4j-jboss-logmanager<0:1.1.4-3.Final_redhat_00002.1.ep6.el6
redhat/jboss-as-appclient<0:7.5.24-2.Final_redhat_00001.1.ep6.el6
and 196 more
CVE-2022-23302
JMSSink in all versions of Log4j 1.x is vulnerable to deserialization of untrusted data when the attacker has write access to the Log4j configuration or if the configuration references an LDAP service...
redhat/log4j<0:1.2.14-6.6.el6_10
redhat/log4j<0:1.2.17-18.el7_4
redhat/log4j<0:1.2.17-17.el7_3
redhat/log4j-eap6<0:1.2.17-3.redhat_00008.1.ep6.el6
redhat/log4j-jboss-logmanager<0:1.1.4-3.Final_redhat_00002.1.ep6.el6
redhat/jboss-as-appclient<0:7.5.24-2.Final_redhat_00001.1.ep6.el6
and 194 more
CVE-2021-45105
Apache Log4j StrSubstitutor Uncontrolled Recursion Denial-of-Service Vulnerability
redhat/eap7-log4j<0:2.17.1-1.redhat_00001.1.el8ea
redhat/eap7-log4j<0:2.17.1-1.redhat_00001.1.el7ea
redhat/rh-sso7-keycloak<0:15.0.6-1.redhat_00001.1.el7
redhat/rh-sso7-keycloak<0:15.0.6-1.redhat_00001.1.el8
debian/apache-log4j2
debian/apache-log4j2<=2.16.0-1~deb10u1<=2.16.0-1<=2.16.0-1~deb11u1
and 217 more
CVE-2021-4104
Deserialization of untrusted data in JMSAppender in Apache Log4j 1.2
redhat/log4j<0:1.2.14-6.5.el6_10
redhat/log4j<0:1.2.17-17.el7_4
redhat/log4j<0:1.2.17-16.el7_3
redhat/log4j-eap6<0:1.2.17-3.redhat_00008.1.ep6.el6
redhat/log4j-jboss-logmanager<0:1.1.4-3.Final_redhat_00002.1.ep6.el6
redhat/jboss-as-appclient<0:7.5.24-2.Final_redhat_00001.1.ep6.el6
and 219 more
CVE-2021-2400
Oracle Business Intelligence SAXParser XML External Entity Processing Information Disclosure Vulnerability
Oracle Business Intelligence
Oracle BI Publisher=5.5.0.0.0
Oracle BI Publisher=11.1.1.9.0
Oracle BI Publisher=12.2.1.3.0
Oracle BI Publisher=12.2.1.4.0
CVE-2021-2396
Oracle Business Intelligence UpdateConnectionServlet JNDI Injection Remote Code Execution Vulnerability
Oracle Business Intelligence
Oracle BI Publisher=5.5.0.0.0
Oracle BI Publisher=11.1.1.9.0
Oracle BI Publisher=12.2.1.3.0
Oracle BI Publisher=12.2.1.4.0
CVE-2021-2456
Oracle Business Intelligence BIRemotingServlet Deserialization of Untrusted Data Remote Code Execution Vulnerability
Oracle Business Intelligence
Oracle Business Intelligence=12.2.1.4.0
CVE-2021-30468
A vulnerability in the JsonMapObjectReaderWriter of Apache CXF allows an attacker to submit malformed JSON to a web service, which results in the thread getting stuck in an infinite loop, consuming CP...
Apache CXF<3.3.11
Apache CXF>=3.4.0<3.4.4
Apache TomEE=8.0.6
Oracle Business Intelligence=5.5.0.0.0
Oracle Business Intelligence=5.9.0.0.0
Oracle Business Intelligence=12.2.1.3.0
and 12 more
CVE-2021-2302
Oracle Business Intelligence T3 Protocol Deserialization of Untrusted Data Remote Code Execution Vulnerability
Oracle Business Intelligence
Oracle Platform Security for Java=11.1.1.9.0
Oracle Platform Security for Java=12.2.1.3.0
Oracle Platform Security for Java=12.2.1.4.0
CVE-2021-2191
Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Fusion Middleware (component: Analytics Actions). Supported versions that are affected are 5.5.0.0.0, 12.2.1.3.0 ...
Oracle Business Intelligence=5.5.0.0.0
Oracle Business Intelligence=12.2.1.3.0
Oracle Business Intelligence=12.2.1.4.0
CVE-2021-2152
Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Fusion Middleware (component: Analytics Web General). Supported versions that are affected are 5.5.0.0.0, 11.1.1....
Oracle Business Intelligence=5.5.0.0.0
Oracle Business Intelligence=11.1.1.9.0
Oracle Business Intelligence=12.2.1.3.0
Oracle Business Intelligence=12.2.1.4.0
CVE-2021-22696
Apache CXF is vulnerable to a denial of service, caused by improper validation of request_uri parameter by the OAuth 2 authorization service. By sending a specially-crafted request, a remote attacker ...
Apache CXF<3.3.10
Apache CXF>=3.4.0<3.4.3
Oracle Business Intelligence=5.5.0.0.0
Oracle Business Intelligence=5.9.0.0.0
Oracle Business Intelligence=12.2.1.3.0
Oracle Business Intelligence=12.2.1.4.0
and 13 more
CVE-2021-23839
OpenSSL could provide weaker than expected security, caused by incorrect SSLv2 rollback protection that allows for the inversion of the logic during a padding check. If the server is configured for SS...
OpenSSL OpenSSL>=1.0.2s<=1.0.2x
Oracle Business Intelligence=5.5.0.0.0
Oracle Business Intelligence=5.9.0.0.0
Oracle Business Intelligence=12.2.1.3.0
Oracle Business Intelligence=12.2.1.4.0
Oracle Enterprise Manager For Storage Management=13.4.0.0
and 14 more
CVE-2021-23840
OpenSSL is vulnerable to a denial of service, caused by an integer overflow in CipherUpdate. By sending an overly long argument, an attacker could exploit this vulnerability to cause the application t...
redhat/jbcs-httpd24-apr<0:1.6.3-107.el8
redhat/jbcs-httpd24-apr-util<0:1.6.1-84.el8
redhat/jbcs-httpd24-curl<0:7.78.0-2.el8
redhat/jbcs-httpd24-httpd<0:2.4.37-78.el8
redhat/jbcs-httpd24-nghttp2<0:1.39.2-39.el8
redhat/jbcs-httpd24-openssl<1:1.1.1g-8.el8
and 86 more
CVE-2021-23841
WebRTC. A null pointer dereference was addressed with improved input validation.
redhat/jbcs-httpd24-apr<0:1.6.3-107.el8
redhat/jbcs-httpd24-apr-util<0:1.6.1-84.el8
redhat/jbcs-httpd24-curl<0:7.78.0-2.el8
redhat/jbcs-httpd24-httpd<0:2.4.37-78.el8
redhat/jbcs-httpd24-nghttp2<0:1.39.2-39.el8
redhat/jbcs-httpd24-openssl<1:1.1.1g-8.el8
and 67 more
CVE-2021-2041
Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Fusion Middleware (component: Installation). Supported versions that are affected are 12.2.1.3.0 and 12.2.1.4.0. ...
Oracle Business Intelligence=12.2.1.3.0
Oracle Business Intelligence=12.2.1.4.0
CVE-2021-2025
Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Fusion Middleware (component: Analytics Web General). Supported versions that are affected are 5.5.0.0.0, 11.1.1....
Oracle Business Intelligence=5.5.0.0.0
Oracle Business Intelligence=11.1.1.9.0
Oracle Business Intelligence=12.2.1.3.0
Oracle Business Intelligence=12.2.1.4.0
CVE-2021-2005
Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Fusion Middleware (component: BI Platform Security). Supported versions that are affected are 12.2.1.3.0 and 12.2...
Oracle Business Intelligence=12.2.1.3.0
Oracle Business Intelligence=12.2.1.4.0
CVE-2021-2003
Vulnerability in the Business Intelligence Enterprise Edition product of Oracle Fusion Middleware (component: Analytics Web Dashboards). Supported versions that are affected are 5.5.0.0.0, 11.1.1.9.0,...
Oracle Business Intelligence=5.5.0.0.0
Oracle Business Intelligence=11.1.1.9.0
Oracle Business Intelligence=12.2.1.3.0
Oracle Business Intelligence=12.2.1.4.0
CVE-2020-17530
Apache Struts Remote Code Execution Vulnerability
Apache Struts
Apache Struts>=2.0.0<2.5.30
Oracle Business Intelligence=12.2.1.3.0
Oracle Business Intelligence=12.2.1.4.0
Oracle Communications Diameter Intelligence Hub=8.0.0
Oracle Communications Diameter Intelligence Hub=8.1.0
and 8 more
CVE-2020-1971
A null pointer dereference flaw was found in openssl. A remote attacker, able to control the arguments of the GENERAL_NAME_cmp function, could cause the application, compiled with openssl to crash res...
redhat/jbcs-httpd24-brotli<0:1.0.6-40.jbcs.el7
redhat/jbcs-httpd24-httpd<0:2.4.37-66.jbcs.el7
redhat/jbcs-httpd24-nghttp2<0:1.39.2-35.jbcs.el7
redhat/jbcs-httpd24-openssl<1:1.1.1g-3.jbcs.el7
redhat/jbcs-httpd24-openssl-chil<0:1.0.0-3.jbcs.el7
redhat/jbcs-httpd24-openssl-pkcs11<0:0.4.10-18.jbcs.el7
and 95 more
CVE-2020-13954
Apache CXF is vulnerable to cross-site scripting, caused by improper validation of user-supplied input by the services listing page. A remote attacker could exploit this vulnerability using the styleS...
Apache CXF<3.3.8
Apache CXF>=3.4.0<3.4.1
NetApp Snap Creator Framework
Netapp Vasa Provider For Clustered Data Ontap>=9.6
Oracle Business Intelligence=5.5.0.0.0
Oracle Business Intelligence=5.9.0.0.0
and 14 more
CVE-2020-14864
Oracle Business Intelligence Enterprise Edition Path Transversal
Oracle Business Intelligence=5.5.0.0.0
Oracle Business Intelligence=12.2.1.3.0
Oracle Business Intelligence=12.2.1.4.0
CVE-2020-14843
Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Fusion Middleware (component: Analytics Actions). Supported versions that are affected are 5.5.0.0.0, 12.2.1.3.0 ...
Oracle Business Intelligence=5.5.0.0.0
Oracle Business Intelligence=12.2.1.3.0
Oracle Business Intelligence=12.2.1.4.0
CVE-2020-14815
Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Fusion Middleware (component: Analytics Actions). Supported versions that are affected are 5.5.0.0.0, 12.2.1.3.0 ...
Oracle Business Intelligence=5.5.0.0.0
Oracle Business Intelligence=12.2.1.3.0
Oracle Business Intelligence=12.2.1.4.0
CVE-2020-14766
Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Fusion Middleware (component: Analytics Web Administration). Supported versions that are affected are 5.5.0.0.0, ...
Oracle Business Intelligence=5.5.0.0.0
Oracle Business Intelligence=11.1.1.9.0
Oracle Business Intelligence=12.2.1.3.0
Oracle Business Intelligence=12.2.1.4.0
CVE-2020-14690
Oracle Business Intelligence=5.5.0.0.0
Oracle Business Intelligence=11.1.1.9.0
Oracle Business Intelligence=12.2.1.3.0
Oracle Business Intelligence=12.2.1.4.0

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2024 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203