PT-2025-29609 · Oracle · Oracle Business Intelligence Enterprise Edition
Jean-Michel Huguet
·
Published
2025-07-15
·
Updated
2025-07-24
·
CVE-2025-30759
CVSS v2.0
6.4
Medium
| Vector | AV:N/AC:L/Au:N/C:P/I:P/A:N |
Name of the Vulnerable Software and Affected Versions
Oracle Business Intelligence Enterprise Edition versions 7.6.0.0.0 through 12.2.1.4.0
Description
A vulnerability exists in the Oracle Business Intelligence Enterprise Edition component, Platform Security, that allows an unauthenticated attacker with network access via HTTP to compromise the system. Successful attacks require human interaction from a person other than the attacker and may impact additional products. Successful exploitation can result in unauthorized data modification and read access.
Recommendations
Update Oracle Business Intelligence Enterprise Edition version 7.6.0.0.0 to a later version.
Update Oracle Business Intelligence Enterprise Edition version 8.2.0.0.0 to a later version.
Update Oracle Business Intelligence Enterprise Edition version 12.2.1.4.0 to a later version.
Fix
Improper Access Control
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Oracle Business Intelligence Enterprise Edition