Multiple vulnerabilities in Oracle Business Intelligence Enterprise Edition
| Risk | High |
| Patch available | YES |
| Number of vulnerabilities | 3 |
| CVE-ID | CVE-2015-7940 CVE-2016-1000031 CVE-2020-2950 |
| CWE-ID | CWE-200 CWE-502 CWE-20 |
| Exploitation vector | Network |
| Public exploit | Public exploit code for vulnerability #3 is available. |
| Vulnerable software Subscribe |
Oracle Business Intelligence Enterprise Edition Other software / Other software solutions |
| Vendor | Oracle |
Security Bulletin
This security bulletin contains information about 3 vulnerabilities.
1) Information disclosure
EUVDB-ID: #VU3403
Risk: Medium
CVSSv3.1: 5.2 [CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2015-7940
CWE-ID:
CWE-200 - Information exposure
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due Bouncy Castle Java library before 1.51 does not validate a point is withing the elliptic curve, which makes it easier for remote attackers to obtain private keys via a series of crafted elliptic curve Diffie Hellman (ECDH) key exchanges, aka an "invalid curve attack."
MitigationInstall update from vendor's website.
Vulnerable software versionsOracle Business Intelligence Enterprise Edition: 11.1.1.9.0 - 12.2.1.4.0
External linkshttp://www.oracle.com/security-alerts/cpuapr2020.html?3222
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
2) Desereliazation of untrusted data
EUVDB-ID: #VU12312
Risk: High
CVSSv3.1: 8.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2016-1000031
CWE-ID:
CWE-502 - Deserialization of Untrusted Data
Exploit availability: No
DescriptionThe vulnerability allows a remote unauthenticated attacker to execute arbitrary code on the target system.
The weakness exists in DiskFileItem class of the FileUpload library due to deserialization of untrusted data. A remote attacker can execute arbitrary code under the context of the current process.
Successful exploitation of the vulnerability may result in system compromise.
Install update from vendor's website.
Vulnerable software versionsOracle Business Intelligence Enterprise Edition: 11.1.1.9.0 - 12.2.1.4.0
External linkshttp://www.oracle.com/security-alerts/cpuapr2020.html?3222
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
3) Improper input validation
EUVDB-ID: #VU27210
Risk: High
CVSSv3.1: 8.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2020-2950
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: Yes
DescriptionThe vulnerability allows a remote non-authenticated attacker to execute arbitrary code.
The vulnerability exists due to improper input validation within the Analytics Web General component in Oracle Business Intelligence Enterprise Edition. A remote non-authenticated attacker can exploit this vulnerability to execute arbitrary code.
MitigationInstall update from vendor's website.
Vulnerable software versionsOracle Business Intelligence Enterprise Edition: 5.5.0.0.0 - 12.2.1.4.0
External linkshttp://www.oracle.com/security-alerts/cpuapr2020.html?3222
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
