Oracle Business Intelligence Enterprise Edition product versions 12.2.1.3.0 Information Exposure Vulnerability

Summary

Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Fusion Middleware (component: Analytics Actions). Supported versions that are affected are 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Business Intelligence Enterprise Edition.

 

Credit:

The information has been provided by Lukasz Rupala

The original article can be found at: http://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html

 

 


Details

Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Business Intelligence Enterprise Edition accessible data. 

Vulnerable Systems:

Oracle Business Intelligence Enterprise Edition product versions 12.2.1.3.0 

Oracle Business Intelligence Enterprise Edition product versions 12.2.1.4.0 

CVE Information:

CVE-2019-2900

Disclosure Timeline:
Published Date:10/16/2019