CVE-2017-10163

Name of the Vulnerable Software and Affected Versions Oracle Business Intelligence Enterprise Edition versions 11.1.1.7.0, 11.1.1.9.0, 12.2.1.1.0, 12.2.1.2.0

Description The issue allows a low-privileged attacker with network access via HTTP to compromise Oracle Business Intelligence Enterprise Edition. Successful attacks require human interaction from a person other than the attacker and can result in unauthorized creation, deletion, or modification access to critical data, as well as unauthorized read access to a subset of accessible data.

Recommendations For versions 11.1.1.7.0, 11.1.1.9.0, 12.2.1.1.0, and 12.2.1.2.0, refer to My Oracle Support Note 2310021.1 for instructions on how to address this issue.