⚠ Actively exploited
Added to CISA KEV on 2022-01-18. Federal agencies required to patch by 2022-07-18. Required action: Apply updates per vendor instructions.
CVE-2020-14864 — Path Traversal in Oracle Business Intelligence Enterprise Edition
Severity: 7.5 HIGH (NVD)
EPSS: 94.0% (top 0.10%)
CISA KEV: Added 2022-01-18, due 2022-07-18
Exploit: Exploited in wild. Active exploitation observed.
Timeline
Published: Oct 21
KEV added: Jan 18
Latest update: May 24
KEV due: Jul 18
CISA Required Action: Apply updates per vendor instructions.
Description
Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Fusion Middleware (component: Installation). Supported versions that are affected are 5.5.0.0.0, 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Business Intelligence Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Busines…
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Exploitability: 3.9 | Impact: 3.6
Affected Packages (2 packages)
CVEListV5: oracle_corporation/business_intelligence_enterprise_edition: 12.2.1.3.0, 12.2.1.4.0, 5.5.0.0.0 (+2)
🔴 Vulnerability Details (3)
GHSA
GHSA-p833-99r6-7hqr: Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Fusion Middleware (component: Installation) (2022-05-24)
CVEList
CVE-2020-14864: Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Fusion Middleware (component: Installation) (2020-10-21)
💥 Exploits & PoCs (2)
Exploit-DB
Oracle Business Intelligence Enterprise Edition 5.5.0.0.0 / 12.2.1.3.0 / 12.2.1.4.0 - 'getPreviewImage' Directory Traversal/Local File Inclusion (2020-10-28)
Nuclei
Oracle Fusion - Directory Traversal/Local File Inclusion