CVE-2020-14864
In short
A flaw in Oracle Business Intelligence Enterprise Edition allows attackers on the network to access sensitive data without logging in. This happens through the installation component and can expose all data the system contains.
Technical detail
Oracle BIEE (versions 5.5.0.0.0, 12.2.1.3.0, 12.2.1.4.0) contains a vulnerability that an unauthenticated attacker can exploit over the network via HTTP, with low attack complexity (AC:L) and no user interaction required. Exploitation results in high confidentiality impact, exposing critical data accessible to the application.
Summary generated and translated by AI from the official description.
Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Fusion Middleware (component: Installation). Supported versions that are affected are 5.5.0.0.0, 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Business Intelligence Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Business Intelligence Enterprise Edition accessible data. CVSS 3.1 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N).
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Affected products
Oracle Corporation · Business Intelligence Enterprise Edition
Public PoCs found — 2
cve_reference · packetstormsecurity.com/files/159748/Oracle-Business-Intelligence-Enterprise-Edition-5.5.0.0.0-12.2.1.3.0-12.2.1.4.0-LFI.html · unverified
exploitdb · www.exploit-db.com/exploits/48964 · unverified
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.