漏洞标题
N/A
漏洞描述信息
Oracle E-Business Suite中的Oracle E-Business Intelligence产品的漏洞(组件:DBI Setups)。受影响的支持版本是12.1.1-12.1.3。容易利用的漏洞允许通过HTTP进行网络访问的未授权攻击者访问Oracle E-Business Intelligence。成功的攻击需要攻击者之外的人进行人类互动,尽管漏洞在Oracle E-Business Intelligence中,但攻击可能会对其他产品产生重大影响。这个漏洞的成功攻击可能导致未经授权访问关键数据或完全访问所有Oracle E-Business Intelligence可访问的数据,以及未经授权更新、插入或删除某些Oracle E-Business Intelligence可访问的数据的权限。CVSS 3.0基础得分为8.2(保密性和完整性影响)。CVSS向量:(CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N)。
CVSS信息
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N
漏洞类别
N/A
漏洞标题
N/A
漏洞描述信息
Vulnerability in the Oracle E-Business Intelligence product of Oracle E-Business Suite (component: DBI Setups). Supported versions that are affected are 12.1.1-12.1.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle E-Business Intelligence. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle E-Business Intelligence, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle E-Business Intelligence accessible data as well as unauthorized update, insert or delete access to some of Oracle E-Business Intelligence accessible data. CVSS 3.0 Base Score 8.2 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N).
CVSS信息
N/A
漏洞类别
N/A
漏洞标题
Oracle E-Business Suite E-Business Intelligence 安全漏洞
漏洞描述信息
Oracle E-Business Suite(电子商务套件)是美国甲骨文(Oracle)公司的一套全面集成式的全球业务管理软件。该软件提供了客户关系管理、服务管理、财务管理等功能。E-Business Intelligence是其中的一个商业智能组件。 Oracle E-Business Suite 12.1.1版本至12.1.3版本中的E-Business Intelligence的DBI Setups组件存在安全漏洞。攻击者可利用该漏洞未授权访问、更新、插入或删除数据,影响数据的保密性和完整性。
CVSS信息
N/A
漏洞类别
其他