Oracle · Oracle Business Intelligence Enterprise Edition · CVE-2020-14548
Name of the Vulnerable Software and Affected Versions:
Oracle Business Intelligence Enterprise Edition versions 12.2.1.3.0 through 12.2.1.4.0
Description:
The issue exists due to insufficient input validation in the Analytics Web General component of Oracle Business Intelligence Enterprise Edition. This allows a remote attacker to gain unauthorized access to protected information via the HTTP protocol. The vulnerability is difficult to exploit and requires human interaction from a person other than the attacker. Successful attacks can result in unauthorized read access to a subset of the data accessible in Oracle Business Intelligence Enterprise Edition, and may also impact additional products.
Recommendations:
For versions 12.2.1.3.0 and 12.2.1.4.0, consider restricting access to the Analytics Web General component until a patch is available. As a temporary workaround, limit HTTP access to the affected component to minimize the risk of exploitation.