Oracle Business Intelligence vulnerabilities

85 known vulnerabilities affecting oracle/business_intelligence.

Total CVEs: 85
CISA KEV: 3 (actively exploited)
Public exploits: 4
Exploited in wild: 4
Severity breakdown: CRITICAL 6, HIGH 27, MEDIUM 48, LOW 4

Vulnerabilities

Page 4 of 5
CVE-2020-2950 | CRITICAL | CVSS 9.8 | v5.5.0.0.0, v11.1.1.9.0, +2 more | 2020-04-15
Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Fusion Middleware (component: Analytics Web General). Supported versions that are affected are 5.5.0.0.0, 11.1.1.9.0, 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Business Int
nvd
CVE-2020-2537 | HIGH | CVSS 7.1 | v12.2.1.3.0, v12.2.1.4.0 | 2020-01-15
Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Fusion Middleware (component: Analytics Actions). Supported versions that are affected are 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Business Intelligence Enterprise Edition. S
nvd
CVE-2020-2535 | MEDIUM | CVSS 4.7 | v12.2.1.3.0, v12.2.1.4.0 | 2020-01-15
Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Fusion Middleware (component: Analytics Server). Supported versions that are affected are 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Business Intelligence Enterprise Edition.
nvd
CVE-2020-2531 | LOW | CVSS 3.1 | v12.2.1.3.0, v12.2.1.4.0 | 2020-01-15
Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Fusion Middleware (component: BI Platform Security). Supported versions that are affected are 12.2.1.3.0 and 12.2.1.4.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Business Intelligence Enterprise Editio
nvd
CVE-2019-14862 | MEDIUM | CVSS 6.1 | CWE-79 | v5.5.0.0.0, v12.2.1.3.0, +1 more | 2020-01-02
There is a vulnerability in knockout before version 3.5.0-beta, where after escaping the context of the web application, the web application delivers data to its users along with other trusted dynamic content, without validating it.
nvd
CVE-2019-10219 | MEDIUM | CVSS 6.1 | CWE-79 | v5.5.0.0.0, v5.9.0.0.0, +2 more | 2019-11-08
A vulnerability was found in Hibernate-Validator. The SafeHtml validator annotation fails to properly sanitize payloads consisting of potentially malicious code in HTML comments and instructions. This vulnerability can result in an XSS attack.
nvd
CVE-2019-2900 | HIGH | CVSS 7.5 | v12.2.1.3.0, v12.2.1.4.0 | 2019-10-16
Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Fusion Middleware (component: Analytics Actions). Supported versions that are affected are 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Business Intelligence Enterprise Edition. S
nvd
CVE-2019-2905 | HIGH | CVSS 8.6 | v12.2.1.3.0, v12.2.1.4.0 | 2019-10-16
Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Fusion Middleware (component: Installation). Supported versions that are affected are 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Business Intelligence Enterprise Edition. While
nvd
CVE-2019-3012 | MEDIUM | CVSS 5.3 | v11.1.1.9.0, v12.2.1.3.0, +1 more | 2019-10-16
Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Fusion Middleware (component: BI Platform Security). Supported versions that are affected are 11.1.1.9.0, 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Business Intelligence Ente
nvd
CVE-2019-2897 | MEDIUM | CVSS 6.4 | v12.2.1.3.0, v12.2.1.4.0 | 2019-10-16
Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Fusion Middleware (component: Analytics Actions). Supported versions that are affected are 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Business Intelligence Enterprise Edition.
nvd
CVE-2019-2605 | LOW | CVSS 3.4 | v11.1.1.9.0, v12.2.1.3.0, +1 more | 2019-04-23
Vulnerability in the Oracle Business Intelligence Enterprise Edition component of Oracle Fusion Middleware (subcomponent: Web Catalog). Supported versions that are affected are 11.1.1.9.0, 12.2.1.3.0 and 12.2.1.4.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Business Intelligence Enterpris
nvd
CVE-2019-1559 | MEDIUM | CVSS 5.9 | CWE-203 | v11.1.1.9.0, v12.2.1.3.0, +1 more | 2019-02-27
If an application encounters a fatal protocol error and then calls SSL_shutdown() twice (once to send a close_notify, and once to receive one) then OpenSSL can respond differently to the calling application if a 0 byte record is received with invalid padding compared to if a 0 byte record is received with an invalid MAC. If the application then behave
nvd
CVE-2018-3204 | HIGH | CVSS 8.2 | v12.2.1.3.0 | 2018-10-17
Vulnerability in the Oracle Business Intelligence Enterprise Edition component of Oracle Fusion Middleware (subcomponent: Analytics Server). The supported version that is affected is 12.2.1.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Business Intelligence Enterprise Edition. Successful
nvd
CVE-2018-8013 | CRITICAL | CVSS 9.8 | CWE-502 | v11.1.1.7.0, v11.1.1.9.0, +2 more | 2018-05-24
In Apache Batik 1.x before 1.10, when deserializing a subclass of `AbstractDocument`, the class takes a string from the inputStream as the class name and then uses it to call the no-arg constructor of the class. The fix was to check the class type before calling newInstance in deserialization.
nvd
CVE-2017-10068 | HIGH | CVSS 8.2 | v12.2.1.3.0 | 2018-01-18
Vulnerability in the Oracle Business Intelligence Enterprise Edition component of Oracle Fusion Middleware (subcomponent: Analytics Web Dashboards). The supported version that is affected is 12.2.1.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Business Intelligence Enterprise Edition. S
nvd
CVE-2018-2715 | MEDIUM | CVSS 6.5 | v12.2.1.2.0, v12.2.1.3.0 | 2018-01-18
Vulnerability in the Oracle Business Intelligence Enterprise Edition component of Oracle Fusion Middleware (subcomponent: BI Platform Security). Supported versions that are affected are 12.2.1.2.0 and 12.2.1.3.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Business Intelligence Enterprise E
nvd
CVE-2017-10060 | HIGH | CVSS 8.2 | v11.1.1.7.0, v11.1.1.9.0, +2 more | 2017-10-19
Vulnerability in the Oracle Business Intelligence Enterprise Edition component of Oracle Fusion Middleware (subcomponent: Analytics Web General). Supported versions that are affected are 11.1.1.7.0, 11.1.1.9.0, 12.2.1.1.0 and 12.2.1.2.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Business
nvd
CVE-2017-10163 | MEDIUM | CVSS 6.3 | v11.1.1.7.0, v11.1.1.9.0, +2 more | 2017-10-19
Vulnerability in the Oracle Business Intelligence Enterprise Edition component of Oracle Fusion Middleware (subcomponent: Analytics Web General). Supported versions that are affected are 11.1.1.7.0, 11.1.1.9.0, 12.2.1.1.0 and 12.2.1.2.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Busines
nvd
CVE-2017-10058 | MEDIUM | CVSS 6.9 | v11.1.1.9.0, v12.2.1.1.0, +1 more | 2017-08-08
Vulnerability in the Oracle Business Intelligence Enterprise Edition component of Oracle Fusion Middleware (subcomponent: Analytics Web Administration). Supported versions that are affected are 11.1.1.9.0, 12.2.1.1.0 and 12.2.1.2.0. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle Business In
nvd
CVE-2016-7103 | MEDIUM | CVSS 6.1 | CWE-79 | v12.2.1.3.0, v12.2.1.4.0 | 2017-03-15
Cross-site scripting (XSS) vulnerability in jQuery UI before 1.12.0 might allow remote attackers to inject arbitrary web script or HTML via the closeText parameter of the dialog function.
nvd