Business Intelligence Security Vulnerabilities and Issues — Business Intelligence CVE List

Lucene search

OracleBusiness Intelligence

8 matches found

CVE•added 2022/01/18 4:15 p.m.•740 views

CVE-2022-23302

JMSSink in all versions of Log4j 1.x is vulnerable to deserialization of untrusted data when the attacker has write access to the Log4j configuration or if the configuration references an LDAP service the attacker has access to. The attacker can provide a TopicConnectionFactoryBindingName configura...

8.8CVSS9.3AI score0.72202EPSS

In wild

CVE•added 2022/01/18 4:15 p.m.•650 views

CVE-2022-23307

CVE-2020-9493 identified a deserialization issue that was present in Apache Chainsaw. Prior to Chainsaw V2.0 Chainsaw was a component of Apache Log4j 1.2.x where the same issue exists.

9CVSS9.2AI score0.00882EPSS

CVE•added 2022/01/18 4:15 p.m.•621 views

CVE-2022-23305

By design, the JDBCAppender in Log4j 1.2.x accepts an SQL statement as a configuration parameter where the values to be inserted are converters from PatternLayout. The message converter, %m, is likely to always be included. This allows attackers to manipulate the SQL by entering crafted strings int...

9.8CVSS9.4AI score0.14136EPSS

CVE•added 2022/04/19 9:15 p.m.•82 views

CVE-2022-21448

Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Fusion Middleware (component: Visual Analyzer). The supported version that is affected is 5.9.0.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Ora...

6.1CVSS5.9AI score0.01151EPSS

CVE•added 2022/04/19 9:15 p.m.•80 views

CVE-2022-21419

Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Fusion Middleware (component: Visual Analyzer). Supported versions that are affected are 5.5.0.0.0 and 5.9.0.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to c...

6.1CVSS5.8AI score0.008EPSS

CVE•added 2022/04/19 9:15 p.m.•77 views

CVE-2022-21492

Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Fusion Middleware (component: Analytics Server). The supported version that is affected is 5.9.0.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Or...

6.1CVSS5.9AI score0.00837EPSS

CVE•added 2022/04/19 9:15 p.m.•71 views

CVE-2022-21421

Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Fusion Middleware (component: Analytics Web General). Supported versions that are affected are 5.5.0.0.0, 5.9.0.0.0, 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker wit...

7.5CVSS7.4AI score0.04294EPSS

CVE•added 2022/10/18 9:15 p.m.•55 views

CVE-2022-21609

Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Fusion Middleware (component: Analytics Server). The supported version that is affected is 5.9.0.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracl...

5.7CVSS5.4AI score0.00611EPSS