Business Intelligence Security Vulnerabilities and Issues — Business Intelligence CVE List

Lucene search

OracleBusiness Intelligence

14 matches found

CVE•added 2021/02/16 5:15 p.m.•1908 views

CVE-2021-23841

The OpenSSL public API function X509_issuer_and_serial_hash() attempts to create a unique hash value based on the issuer and serial number data contained within an X509 certificate. However it fails to correctly handle any errors that may occur while parsing the issuer field (which might occur if t...

5.9CVSS7AI score0.00706EPSS

CVE•added 2021/12/14 12:15 p.m.•1095 views

CVE-2021-4104

JMSAppender in Log4j 1.2 is vulnerable to deserialization of untrusted data when the attacker has write access to the Log4j configuration. The attacker can provide TopicBindingName and TopicConnectionFactoryBindingName configurations causing JMSAppender to perform JNDI requests that result in remot...

7.5CVSS9.4AI score0.94358EPSS

CVE•added 2021/12/18 12:15 p.m.•1031 views

CVE-2021-45105

Apache Log4j2 versions 2.0-alpha1 through 2.16.0 (excluding 2.12.3 and 2.3.1) did not protect from uncontrolled recursion from self-referential lookups. This allows an attacker with control over Thread Context Map data to cause a denial of service when a crafted string is interpreted. This issue wa...

5.9CVSS7.7AI score0.65644EPSS

CVE•added 2021/02/16 5:15 p.m.•715 views

CVE-2021-23840

Calls to EVP_CipherUpdate, EVP_EncryptUpdate and EVP_DecryptUpdate may overflow the output length argument in some cases where the input length is close to the maximum permissable length for an integer on the platform. In such cases the return value from the function call will be 1 (indicating succ...

7.5CVSS8AI score0.00451EPSS

CVE•added 2021/02/16 5:15 p.m.•227 views

CVE-2021-23839

OpenSSL 1.0.2 supports SSLv2. If a client attempts to negotiate SSLv2 with a server that is configured to support both SSLv2 and more recent SSL and TLS versions then a check is made for a version rollback attack when unpadding an RSA signature. Clients that support SSL or TLS versions greater than...

4.3CVSS5.5AI score0.00257EPSS

CVE•added 2021/06/16 12:15 p.m.•183 views

CVE-2021-30468

A vulnerability in the JsonMapObjectReaderWriter of Apache CXF allows an attacker to submit malformed JSON to a web service, which results in the thread getting stuck in an infinite loop, consuming CPU indefinitely. This issue affects Apache CXF versions prior to 3.4.4; Apache CXF versions prior to...

7.5CVSS7.4AI score0.00399EPSS

CVE•added 2021/04/02 10:15 a.m.•180 views

CVE-2021-22696

CXF supports (via JwtRequestCodeFilter) passing OAuth 2 parameters via a JWT token as opposed to query parameters (see: The OAuth 2.0 Authorization Framework: JWT Secured Authorization Request (JAR)). Instead of sending a JWT token as a "request" parameter, the spec also supports specifying a URI f...

7.5CVSS7.4AI score0.00487EPSS

CVE•added 2021/07/21 12:15 a.m.•70 views

CVE-2021-2456

Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Fusion Middleware (component: Analytics Web General). The supported version that is affected is 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to comprom...

9.8CVSS9.4AI score0.69278EPSS

CVE•added 2021/04/22 10:15 p.m.•65 views

CVE-2021-2152

Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Fusion Middleware (component: Analytics Web General). Supported versions that are affected are 5.5.0.0.0, 11.1.1.9.0, 12.2.1.3.0 and 12.2.1.4.0. Difficult to exploit vulnerability allows high privileged attacker ...

4CVSS4.3AI score0.00236EPSS

CVE•added 2021/04/22 10:15 p.m.•61 views

CVE-2021-2191

Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Fusion Middleware (component: Analytics Actions). Supported versions that are affected are 5.5.0.0.0, 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vulnerability allows low privileged attacker with network access...

5.4CVSS5.6AI score0.00185EPSS

CVE•added 2021/01/20 3:15 p.m.•58 views

CVE-2021-2041

Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Fusion Middleware (component: Installation). Supported versions that are affected are 12.2.1.3.0 and 12.2.1.4.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to ...

8.1CVSS8.2AI score0.01231EPSS

CVE•added 2021/01/20 3:15 p.m.•46 views

CVE-2021-2003

Vulnerability in the Business Intelligence Enterprise Edition product of Oracle Fusion Middleware (component: Analytics Web Dashboards). Supported versions that are affected are 5.5.0.0.0, 11.1.1.9.0, 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vulnerability allows low privileged attacker with ne...

5.4CVSS5.2AI score0.00185EPSS

CVE•added 2021/01/20 3:15 p.m.•46 views

CVE-2021-2025

Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Fusion Middleware (component: Analytics Web General). Supported versions that are affected are 5.5.0.0.0, 11.1.1.9.0, 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker wi...

8.2CVSS8.3AI score0.01089EPSS

CVE•added 2021/01/20 3:15 p.m.•44 views

CVE-2021-2005

Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Fusion Middleware (component: BI Platform Security). Supported versions that are affected are 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HT...

4.7CVSS4.2AI score0.00863EPSS