CVE-2023-22021

2023-07-1821:15:13

[email protected]

web.nvd.nist.gov

oracle business intelligence

vulnerability

http access

denial of service

CVSS3

4.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L

EPSS

0.001

Percentile

17.8%

JSON

Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Analytics (component: Analytics Server). Supported versions that are affected are 6.4.0.0.0 and 7.0.0.0.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Business Intelligence Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Business Intelligence Enterprise Edition. CVSS 3.1 Base Score 4.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L).

Affected configurations

Nvd

Node

oraclebusiness_intelligenceMatch6.4.0.0.0enterprise

oraclebusiness_intelligenceMatch7.0.0.0.0enterprise

VendorProductVersionCPE
oraclebusiness_intelligence6.4.0.0.0cpe:2.3:a:oracle:business_intelligence:6.4.0.0.0:*:*:*:enterprise:*:*:*
oraclebusiness_intelligence7.0.0.0.0cpe:2.3:a:oracle:business_intelligence:7.0.0.0.0:*:*:*:enterprise:*:*:*

Vendor	Product	Version	CPE
oracle	business_intelligence	6.4.0.0.0	cpe:2.3:a:oracle:business_intelligence:6.4.0.0.0::::enterprise:::
oracle	business_intelligence	7.0.0.0.0	cpe:2.3:a:oracle:business_intelligence:7.0.0.0.0::::enterprise:::