CVE-2024-21099

Name of the Vulnerable Software and Affected Versions: Oracle Business Intelligence Enterprise Edition version 7.0.0.0.0

Description: The issue exists due to insufficient input validation in the Data Visualization component of Oracle Business Intelligence Enterprise Edition. This allows a remote attacker with low privileges and network access via HTTP to compromise the system, resulting in unauthorized read access to a subset of accessible data.

Recommendations: For version 7.0.0.0.0, consider restricting access to the Data Visualization component until a patch is available. As a temporary workaround, limit network access via HTTP to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.