VYPR

Business Intelligence

by Oracle Corporation

CVEs (17)

  • CVE-2022-23307HigJan 18, 2022
    risk 0.57cvss 8.8epss 0.52

    CVE-2020-9493 identified a deserialization issue that was present in Apache Chainsaw. Prior to Chainsaw V2.0 Chainsaw was a component of Apache Log4j 1.2.x where the same issue exists.

  • CVE-2022-23305CriJan 18, 2022
    risk 0.57cvss 9.8epss 0.67

    By design, the JDBCAppender in Log4j 1.2.x accepts an SQL statement as a configuration parameter where the values to be inserted are converters from PatternLayout. The message converter, %m, is likely to always be included. This allows attackers to manipulate the SQL by entering…

  • CVE-2016-3446HigJul 21, 2016
    risk 0.54cvss 8.3epss 0.02

    Unspecified vulnerability in the Oracle Business Intelligence Enterprise Edition component in Oracle Fusion Middleware 11.1.1.7.0 and 11.1.1.9.0 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to Analytics Web Administration.

  • CVE-2016-3544HigJul 21, 2016
    risk 0.50cvss 7.6epss 0.02

    Unspecified vulnerability in the Oracle Business Intelligence Enterprise Edition component in Oracle Fusion Middleware 11.1.1.7.0, 11.1.1.9.0, and 11.2.1.0.0 allows remote authenticated users to affect confidentiality and integrity via vectors related to Analytics Web General.

  • CVE-2017-10058MedAug 8, 2017
    risk 0.45cvss 6.9epss 0.01

    Vulnerability in the Oracle Business Intelligence Enterprise Edition component of Oracle Fusion Middleware (subcomponent: Analytics Web Administration). Supported versions that are affected are 11.1.1.9.0, 12.2.1.1.0 and 12.2.1.2.0. Easily exploitable vulnerability allows high…

  • CVE-2021-23840HigFeb 16, 2021
    risk 0.42cvss 7.5epss 0.51

    Calls to EVP_CipherUpdate, EVP_EncryptUpdate and EVP_DecryptUpdate may overflow the output length argument in some cases where the input length is close to the maximum permissable length for an integer on the platform. In such cases the return value from the function call will…

  • CVE-2017-10163MedOct 19, 2017
    risk 0.41cvss 6.3epss 0.01

    Vulnerability in the Oracle Business Intelligence Enterprise Edition component of Oracle Fusion Middleware (subcomponent: Analytics Web General). Supported versions that are affected are 11.1.1.7.0, 11.1.1.9.0, 12.2.1.1.0 and 12.2.1.2.0. Easily exploitable vulnerability allows…

  • CVE-2016-0479MedApr 21, 2016
    risk 0.40cvss 6.1epss 0.01

    Unspecified vulnerability in the Oracle Business Intelligence Enterprise Edition component in Oracle Fusion Middleware 11.1.1.7.0, 11.1.1.9.0, and 12.2.1.0.0 allows remote attackers to affect confidentiality and integrity via vectors related to Analytics Scorecard.

  • CVE-2020-1971MedDec 8, 2020
    risk 0.38cvss 5.9epss 0.07

    The X.509 GeneralName type is a generic type for representing different types of names. One of those name types is known as EDIPartyName. OpenSSL provides a function GENERAL_NAME_cmp which compares different instances of a GENERAL_NAME to see if they are equal or not. This…

  • CVE-2021-45105MedDec 18, 2021
    risk 0.37cvss 5.9epss 1.00

    Apache Log4j2 versions 2.0-alpha1 through 2.16.0 (excluding 2.12.3 and 2.3.1) did not protect from uncontrolled recursion from self-referential lookups. This allows an attacker with control over Thread Context Map data to cause a denial of service when a crafted string is…

  • CVE-2016-3433MedJul 21, 2016
    risk 0.35cvss 5.4epss 0.01

    Unspecified vulnerability in the Oracle Business Intelligence Enterprise Edition component in Oracle Fusion Middleware 11.1.1.7.0 and 11.1.1.9.0 allows remote authenticated users to affect confidentiality and integrity via vectors related to Analytics Web Administration.

  • CVE-2016-0468MedApr 21, 2016
    risk 0.35cvss 5.4epss 0.01

    Unspecified vulnerability in the Oracle Business Intelligence Enterprise Edition component in Oracle Fusion Middleware 11.1.1.7.0, 11.1.1.9.0, and 12.2.1.0.0 allows remote authenticated users to affect confidentiality and integrity via vectors related to Analytics Web General.

  • CVE-2016-7103MedMar 15, 2017
    risk 0.34cvss 6.1epss 0.23

    Cross-site scripting (XSS) vulnerability in jQuery UI before 1.12.0 might allow remote attackers to inject arbitrary web script or HTML via the closeText parameter of the dialog function.

  • CVE-2024-21099Apr 16, 2024
    risk 0.00cvss epss 0.00

    Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Analytics (component: Data Visualization). The supported version that is affected is 7.0.0.0.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP…

  • CVE-2024-21064Apr 16, 2024
    risk 0.00cvss epss 0.00

    Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Analytics (component: Analytics Web Answers). Supported versions that are affected are 7.0.0.0.0 and 12.2.1.4.0. Easily exploitable vulnerability allows low privileged attacker with network…

  • CVE-2024-21001Apr 16, 2024
    risk 0.00cvss epss 0.00

    Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Analytics (component: BI Platform Security). The supported version that is affected is 7.0.0.0.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP…

  • CVE-2020-14203Jun 22, 2020
    risk 0.00cvss epss 0.00

    WebFOCUS Business Intelligence 8.0 (SP6) allows a Cross-Site Request Forgery (CSRF) attack against administrative users within the /ibi_apps/WFServlet(.ibfs) endpoint. The impact may be creation of an administrative user. It can also be exploited in conjunction with…