漏洞标题
N/A
漏洞描述信息
Oracle Analytics组件中的Oracle Business Intelligence Enterprise Edition产品存在安全漏洞(组件:BI平台安全)。受影响的版本为7.0.0.0.0。该漏洞易于被利用,允许低权限的攻击者通过HTTP网络访问来利用Oracle Business Intelligence Enterprise Edition。成功的攻击需要攻击者之外的人员进行人为交互,并且虽然漏洞位于Oracle Business Intelligence Enterprise Edition中,但攻击可能对其他产品造成显著影响(范围变更)。成功利用此漏洞可能导致未经授权对部分可访问数据进行更新、插入或删除访问,以及对部分可访问数据进行未经授权的读取访问。CVSS 3.1基础评分5.4(影响信息的机密性和完整性)。CVSS向量:(CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N)。
CVSS信息
N/A
漏洞类别
N/A
漏洞标题
N/A
漏洞描述信息
Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Analytics (component: BI Platform Security). The supported version that is affected is 7.0.0.0.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Business Intelligence Enterprise Edition. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Business Intelligence Enterprise Edition, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Business Intelligence Enterprise Edition accessible data as well as unauthorized read access to a subset of Oracle Business Intelligence Enterprise Edition accessible data. CVSS 3.1 Base Score 5.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N).
CVSS信息
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
漏洞类别
N/A
漏洞标题
Oracle Business Intelligence Enterprise Edition 安全漏洞
漏洞描述信息
Oracle Business Intelligence Enterprise Edition是美国甲骨文(Oracle)公司的一款智能商业分析软件。对企业数据进行可视化分析,从而辅助决策、降低总体拥有成本并提高整个组织的投资回报率。 Oracle Analytics 的 Oracle Business Intelligence Enterprise Edition存在安全漏洞。攻击者利用该漏洞可以获得对数据的更新、插入或删除权限。
CVSS信息
N/A
漏洞类别
其他