Severity
8.2 HIGH (NVD)
GHSA 5.9
EPSS
2.2%
top 15.46%
CISA KEV
Not in KEV
Exploit
No known exploits
Timeline
Published: Jan 20
Latest update: Dec 11

Description

Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Fusion Middleware (component: Analytics Web General). Supported versions that are affected are 5.5.0.0.0, 11.1.1.9.0, 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Business Intelligence Enterprise Edition. Successful attacks require human interaction from a person other than the attacker and while the vulnerability

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N
Exploitability: 2.8 | Impact: 4.7

Affected Packages: 2 packages

🔴 Vulnerability Details

4
OSV
keystone vulnerabilities (2025-12-11)
GHSA
algoliasearch-helper is vulnerable to Prototype Pollution in _merge() (2025-09-27)
GHSA
GHSA-7643-946g-hpgv: Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Fusion Middleware (component: Analytics Web General) (2022-05-24)
CVEList
CVE-2021-2025: Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Fusion Middleware (component: Analytics Web General) (2021-01-20)

📋 Vendor Advisories

23
Oracle
Oracle Oracle Commerce Risk Matrix: Asset Manager (dojo) — CVE-2021-23450 (2025-04-15)
Microsoft
An issue was discovered in yasm version 1.3.0. There is a NULL pointer dereference in yasm_expr_get_intnum() in libyasm/expr.c. (2022-07-12)
Microsoft
When the server is configured to use trust authentication with a clientcert requirement or to use cert authentication a man-in-the-middle attacker can inject arbitrary SQL queries when a connection is (2022-03-08)
Microsoft
The check_alu_op() function in kernel/bpf/verifier.c in the Linux kernel through v5.16-rc5 did not properly update bounds while handling the mov32 instruction which allows local users to obtain potent (2022-02-08)
Microsoft
A flaw was found in s390 eBPF JIT in bpf_jit_insn in arch/s390/net/bpf_jit_comp.c in the Linux kernel. In this flaw a local attacker with special user privilege can circumvent the verifier and may lea (2022-02-08)

🕵️ Threat Intelligence

1
Huntress
CVE-2021-45046 Vulnerability: Analysis, Impact, Mitigation | Huntress
CVE-2021-2025 — Resource Exposure | cvebase