cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2024-21139,https://securityvulnerability.io/vulnerability/CVE-2024-21139,Vulnerability in Oracle Business Intelligence Enterprise Edition,"The vulnerability in Oracle Business Intelligence Enterprise Edition allows low privileged attackers with HTTP network access to compromise the system. Successful exploitation requires human interaction from an external user, making it particularly concerning for environments where data sensitivity is high. Affected versions include 7.0.0.0.0, 7.6.0.0.0, and 12.2.1.4.0, which could enable unauthorized actions such as data insertion, deletion, or updates, alongside unauthorized reading of critical data. Given the potential for significant impacts across multiple products, organizations using Oracle Business Intelligence are urged to prioritize patching and implementing necessary security measures. For further details, refer to the Oracle Advisory.",Oracle,Business Intelligence Enterprise Edition,5.4,MEDIUM,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-07-16T23:15:00.000Z,0
CVE-2024-21099,https://securityvulnerability.io/vulnerability/CVE-2024-21099,Oracle Business Intelligence Enterprise Edition Vulnerability,Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Analytics (component: Data Visualization).   The supported version that is affected is 7.0.0.0.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Business Intelligence Enterprise Edition.  Successful attacks of this vulnerability can result in  unauthorized read access to a subset of Oracle Business Intelligence Enterprise Edition accessible data. CVSS 3.1 Base Score 4.3 (Confidentiality impacts).  CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N).,Oracle,Business Intelligence Enterprise Edition,4.3,MEDIUM,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-04-16T22:15:00.000Z,0
CVE-2024-21001,https://securityvulnerability.io/vulnerability/CVE-2024-21001,Exploitable Vulnerability in Oracle Analytics Business Intelligence Platform,"A flaw in the Oracle Business Intelligence Enterprise Edition allows a low-privileged attacker with network access via HTTP to compromise the platform. Exploitation of this vulnerability necessitates human interaction from a user other than the attacker. Although it primarily affects Oracle Business Intelligence, successful attacks can also have broader implications on other connected products. The vulnerability permits unauthorized actions such as the ability to update, insert, or delete data, as well as unauthorized reading of accessible data within Oracle Business Intelligence Enterprise Edition.",Oracle,Business Intelligence Enterprise Edition,5.4,MEDIUM,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-04-16T22:15:00.000Z,0
CVE-2024-20913,https://securityvulnerability.io/vulnerability/CVE-2024-20913,Oracle Business Intelligence Enterprise Edition Vulnerability,"Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Analytics (component: BI Platform Security).   The supported version that is affected is 12.2.1.4.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Business Intelligence Enterprise Edition.  Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Business Intelligence Enterprise Edition, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in  unauthorized update, insert or delete access to some of Oracle Business Intelligence Enterprise Edition accessible data as well as  unauthorized read access to a subset of Oracle Business Intelligence Enterprise Edition accessible data. CVSS 3.1 Base Score 5.4 (Confidentiality and Integrity impacts).  CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N).",Oracle,Business Intelligence Enterprise Edition,5.4,MEDIUM,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-02-17T02:15:00.000Z,0
CVE-2024-20904,https://securityvulnerability.io/vulnerability/CVE-2024-20904,"Vulnerability in Oracle Business Intelligence Enterprise Edition Product, Oracle Analytics","A vulnerability exists in Oracle Business Intelligence Enterprise Edition that allows low-privileged attackers with network access via HTTP to gain unauthorized read access to sensitive data. This flaw is present in specific versions of Oracle Analytics and poses potential risks not only to the affected product but also to other interconnected systems. The ease of exploitation raises concerns about data confidentiality, making this an essential issue for organizations utilizing Oracle's analytics solutions.",Oracle,Business Intelligence Enterprise Edition,5,MEDIUM,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-01-16T21:41:12.622Z,0
CVE-2023-22082,https://securityvulnerability.io/vulnerability/CVE-2023-22082,Vulnerability in Oracle Business Intelligence Enterprise Edition by Oracle,"An exploitable vulnerability in Oracle Business Intelligence Enterprise Edition's Pod Admin component allows an attacker with low privileges and network access to compromise sensitive data. This vulnerability necessitates human interaction to initiate an attack but can lead to unauthorized updates, inserts, or deletions of data. Additionally, there is potential for unauthorized read access to certain data subsets, jeopardizing data privacy and integrity across Oracle's analytics services. The implications of this vulnerability are substantial, potentially affecting multiple products within the ecosystem.",Oracle,Business Intelligence Enterprise Edition,5.4,MEDIUM,0.0004299999854993075,false,,false,false,false,,,false,false,,2023-10-17T22:15:00.000Z,0
CVE-2023-22109,https://securityvulnerability.io/vulnerability/CVE-2023-22109,Exploitable Vulnerability in Oracle Business Intelligence Enterprise Edition,"This vulnerability in Oracle Business Intelligence Enterprise Edition allows a low-privileged attacker with network access via HTTP to compromise sensitive data through web dashboards. The exploitation requires human interaction from a person other than the attacker, increasing the complexity of the attack. Successful exploitation can lead to unauthorized updates, insertions, deletions, and readings of accessible data, thereby jeopardizing both data confidentiality and integrity.",Oracle,Business Intelligence Enterprise Edition,4.6,MEDIUM,0.0004299999854993075,false,,false,false,false,,,false,false,,2023-10-17T22:15:00.000Z,0
CVE-2023-22013,https://securityvulnerability.io/vulnerability/CVE-2023-22013,Vulnerability in Oracle Business Intelligence Enterprise Edition by Oracle,"This vulnerability in the Oracle Business Intelligence Enterprise Edition allows an attacker with low privileges and network access to potentially compromise the system via HTTP. Successful exploitation can give unauthorized access to update, insert, or delete accessible data within the Oracle Business Intelligence platform, affecting the integrity of vital business analytics and data management functionalities.",Oracle,Business Intelligence Enterprise Edition,4.3,MEDIUM,0.00044999999227002263,false,,false,false,false,,,false,false,,2023-07-18T21:15:00.000Z,0
CVE-2023-22027,https://securityvulnerability.io/vulnerability/CVE-2023-22027,Vulnerability in Oracle Business Intelligence Enterprise Edition by Oracle,"An easily exploitable vulnerability exists in Oracle Business Intelligence Enterprise Edition, specifically in the Analytics Server component. This issue permits low-privileged attackers with network access to compromise the system via HTTP. Successful exploitation can lead to a partial denial of service, impacting the availability of the affected product. Users are advised to apply any available patches to mitigate these risks.",Oracle,Business Intelligence Enterprise Edition,4.3,MEDIUM,0.00044999999227002263,false,,false,false,false,,,false,false,,2023-07-18T21:15:00.000Z,0
CVE-2023-22061,https://securityvulnerability.io/vulnerability/CVE-2023-22061,Vulnerability in Oracle Business Intelligence Enterprise Edition's Visual Analyzer Component,"Oracle Business Intelligence Enterprise Edition's Visual Analyzer component has a vulnerability that permits low-privileged attackers with network access to compromise the system. Successfully exploiting this vulnerability requires user interaction from a person other than the attacker. A successful exploit may lead to unauthorized access for reading, updating, inserting, or deleting sensitive data, thereby impacting not only the Oracle Business Intelligence Enterprise Edition but also potentially extending to additional products. Users should prioritize applying available patches to mitigate the risks associated with this exposure.",Oracle,Business Intelligence Enterprise Edition,5.4,MEDIUM,0.00044999999227002263,false,,false,false,false,,,false,false,,2023-07-18T21:15:00.000Z,0
CVE-2023-22020,https://securityvulnerability.io/vulnerability/CVE-2023-22020,Vulnerability in Oracle Business Intelligence Enterprise Edition,"A vulnerability exists in the Oracle Business Intelligence Enterprise Edition that allows an attacker with low privileges and network access to execute unauthorized operations. This can lead to unapproved updates, inserts, or deletions of data, as well as unauthorized access to sensitive information within the Oracle Analytics environment. Affected versions include 6.4.0.0.0 and 7.0.0.0.0.",Oracle,Business Intelligence Enterprise Edition,5.4,MEDIUM,0.00044999999227002263,false,,false,false,false,,,false,false,,2023-07-18T21:15:00.000Z,0
CVE-2023-22011,https://securityvulnerability.io/vulnerability/CVE-2023-22011,Vulnerability in Oracle Business Intelligence Enterprise Edition by Oracle,"A vulnerability exists in Oracle Business Intelligence Enterprise Edition, specifically in the Analytics Server component. This flaw allows a low-privileged attacker with network access via HTTP to potentially compromise the system. Exploitation of the vulnerability could lead to unauthorized updates, inserts, or deletions of accessible data, as well as the ability to cause a partial denial of service, affecting the overall integrity and availability of the product. Enterprises using the affected versions 6.4.0.0.0 and 7.0.0.0.0 should take immediate steps to secure their applications.",Oracle,Business Intelligence Enterprise Edition,5.4,MEDIUM,0.00044999999227002263,false,,false,false,false,,,false,false,,2023-07-18T21:15:00.000Z,0
CVE-2023-22021,https://securityvulnerability.io/vulnerability/CVE-2023-22021,Vulnerability in Oracle Business Intelligence Enterprise Edition,"A vulnerability exists in Oracle Business Intelligence Enterprise Edition within the Oracle Analytics component. This issue affects versions 6.4.0.0.0 and 7.0.0.0.0, allowing low privileged attackers with network access via HTTP to exploit the system. Successful exploitation may lead to unauthorized access, compromising the integrity of the application and potentially resulting in a partial denial of service.",Oracle,Business Intelligence Enterprise Edition,4.3,MEDIUM,0.00044999999227002263,false,,false,false,false,,,false,false,,2023-07-18T21:15:00.000Z,0
CVE-2023-22012,https://securityvulnerability.io/vulnerability/CVE-2023-22012,Vulnerability in Oracle Business Intelligence Enterprise Edition,"This vulnerability affects Oracle Business Intelligence Enterprise Edition, specifically version 7.0.0.0.0, and allows low-privileged attackers with network access to utilize HTTP methods for unauthorized updates, inserts, or deletions of data. The flaw enables potential manipulation of sensitive information within the analytics server, making it critical for organizations using this product to assess their security posture and implement necessary mitigations.",Oracle,Business Intelligence Enterprise Edition,4.3,MEDIUM,0.00044999999227002263,false,,false,false,false,,,false,false,,2023-07-18T21:15:00.000Z,0
CVE-2023-21965,https://securityvulnerability.io/vulnerability/CVE-2023-21965,Vulnerability in Oracle Business Intelligence Enterprise Edition by Oracle,"A vulnerability exists in Oracle's Business Intelligence Enterprise Edition that allows low privileged attackers with HTTP network access to exploit the system. The attack requires human interaction from a non-attacker party, enabling unauthorized access to critical data. Consequently, this could lead to complete access to sensitive information within the Oracle Business Intelligence framework.",Oracle,Business Intelligence Enterprise Edition,5.7,MEDIUM,0.00044999999227002263,false,,false,false,false,,,false,false,,2023-04-18T20:15:00.000Z,0
CVE-2023-21910,https://securityvulnerability.io/vulnerability/CVE-2023-21910,Oracle Business Intelligence Enterprise Edition Vulnerability in Analytics Web General,"A vulnerability exists in the Oracle Business Intelligence Enterprise Edition's Analytics Web component that allows a low-privileged attacker with HTTP network access to manipulate system functionalities. This flaw could lead to unauthorized access to sensitive data, granting attackers potential control over all accessible information within the affected Oracle Business Intelligence versions 6.4.0.0.0 and 12.2.1.4.0. Users are encouraged to assess their exposure and apply necessary security measures to safeguard their data.",Oracle,Business Intelligence Enterprise Edition,6.5,MEDIUM,0.00044999999227002263,false,,false,false,false,,,false,false,,2023-04-18T20:15:00.000Z,0
CVE-2023-21952,https://securityvulnerability.io/vulnerability/CVE-2023-21952,Exploitable Vulnerability in Oracle Business Intelligence's Analytics Server,"A vulnerability exists within Oracle Business Intelligence Enterprise Edition's Analytics Server that permits a low-privileged attacker with network access via HTTP to gain unauthorized access to sensitive data. This vulnerability requires interaction from an individual other than the attacker for successful exploitation. Successful attacks could potentially lead to full access to all data accessible within Oracle Business Intelligence Enterprise Edition, thereby posing a serious risk to data confidentiality.",Oracle,Business Intelligence Enterprise Edition,5.7,MEDIUM,0.00044999999227002263,false,,false,false,false,,,false,false,,2023-04-18T20:15:00.000Z,0
CVE-2023-21892,https://securityvulnerability.io/vulnerability/CVE-2023-21892,Vulnerability in Oracle Business Intelligence Enterprise Edition by Oracle,"An improper access control vulnerability exists in Oracle Business Intelligence Enterprise Edition, specifically within the Visual Analyzer component. This flaw allows an attacker with low privileges and network access via HTTP to exploit the system, requiring human interaction for successful exploitation. The impact of this vulnerability may extend beyond Oracle Business Intelligence to affect related products, leading to unauthorized actions such as data updates, insertions, deletions, or read access to sensitive data. Organizations utilizing affected versions (5.9.0.0.0 and 6.4.0.0.0) should take immediate action to mitigate risks associated with potential data compromise.",Oracle,Business Intelligence Enterprise Edition,5.4,MEDIUM,0.00044999999227002263,false,,false,false,false,,,false,false,,2023-01-18T00:15:00.000Z,0
CVE-2023-21861,https://securityvulnerability.io/vulnerability/CVE-2023-21861,Vulnerability in Oracle Business Intelligence Enterprise Edition by Oracle,"An exploitable vulnerability exists in Oracle Business Intelligence Enterprise Edition within Oracle Fusion Middleware, specifically in the Visual Analyzer component. The flaw allows a low-privileged attacker with network access via HTTP to compromise the system. Successful exploitation requires human interaction from a third party, and while it directly affects the Business Intelligence Enterprise Edition, it can extend its impact to other connected products. Attackers exploiting this vulnerability can potentially gain unauthorized capabilities, allowing them to perform actions like updating, inserting, or deleting data, as well as unauthorized reading of certain data accessible through the platform.",Oracle,Business Intelligence Enterprise Edition,5.4,MEDIUM,0.00044999999227002263,false,,false,false,false,,,false,false,,2023-01-18T00:15:00.000Z,0
CVE-2023-21891,https://securityvulnerability.io/vulnerability/CVE-2023-21891,Vulnerability in Oracle Business Intelligence Enterprise Edition by Oracle,"The vulnerability in Oracle Business Intelligence Enterprise Edition allows low privileged attackers with network access via HTTP to compromise the system. Exploitation requires human interaction, which can lead to unauthorized data manipulation, including updates, inserts, and deletions. This breach may extend its impact beyond the initial application, emphasizing the need for robust security measures to protect sensitive data within affected versions.",Oracle,Business Intelligence Enterprise Edition,5.4,MEDIUM,0.000539999979082495,false,,false,false,false,,,false,false,,2023-01-18T00:15:00.000Z,0
CVE-2022-21609,https://securityvulnerability.io/vulnerability/CVE-2022-21609,Vulnerability in Oracle Business Intelligence Enterprise Edition by Oracle,"A flaw in Oracle Business Intelligence Enterprise Edition allows low-privileged attackers with network access to exploit the vulnerability via HTTP. This security issue requires human interaction, enabling unauthorized access to sensitive information, potentially leading to significant data exposure. Users should remain vigilant and apply necessary patches or updates as outlined in Oracle's security advisories.",Oracle,Business Intelligence Enterprise Edition,5.7,MEDIUM,0.00044999999227002263,false,,false,false,false,,,false,false,,2022-10-18T00:00:00.000Z,0
CVE-2022-21492,https://securityvulnerability.io/vulnerability/CVE-2022-21492,Vulnerability in Oracle Business Intelligence Enterprise Edition by Oracle,"An exploitable vulnerability exists in the Oracle Business Intelligence Enterprise Edition, which is part of Oracle Fusion Middleware. This issue allows an unauthenticated attacker with network access via HTTP to compromise the system. Although the vulnerability demands human interaction from an individual other than the attacker, its implications extend beyond the affected product and could impact other components. Successful exploitation could lead to unauthorized actions such as updating, inserting, or deleting data, as well as unauthorized reading of certain accessible data within the system.",Oracle,Business Intelligence Enterprise Edition,6.1,MEDIUM,0.00044999999227002263,false,,false,false,false,,,false,false,,2022-04-19T20:38:45.000Z,0
CVE-2022-21448,https://securityvulnerability.io/vulnerability/CVE-2022-21448,Unauthenticated Input Vulnerability in Oracle Business Intelligence Enterprise Edition,"A vulnerability exists in Oracle Business Intelligence Enterprise Edition that allows unauthenticated attackers to exploit the system through HTTP. This exploit can lead to unauthorized updates, inserts, or deletions of accessible data. The vulnerability specifically affects version 5.9.0.0.0 and can have repercussions on other interconnected products within the Oracle Fusion Middleware. Successful exploitation necessitates human interaction from a non-attacker, making it an insidious threat that could compromise data confidentiality and integrity, impacting the overall security posture of organizations relying on this platform.",Oracle,Business Intelligence Enterprise Edition,6.1,MEDIUM,0.00044999999227002263,false,,false,false,false,,,false,false,,2022-04-19T20:37:38.000Z,0
CVE-2022-21421,https://securityvulnerability.io/vulnerability/CVE-2022-21421,Unauthenticated Access Vulnerability in Oracle Business Intelligence Enterprise Edition,"A significant vulnerability exists in Oracle Business Intelligence Enterprise Edition that allows unauthenticated attackers with network access via HTTP to gain unauthorized access to sensitive data. Attackers can exploit this weakness to retrieve critical information without needing valid credentials. This poses a serious risk, as successful exploitation can lead to complete access to all accessible data within the Oracle Business Intelligence ecosystem. Organizations utilizing the affected versions should prioritize patching and implementing security measures to mitigate these risks.",Oracle,Business Intelligence Enterprise Edition,7.5,HIGH,0.00044999999227002263,false,,false,false,false,,,false,false,,2022-04-19T20:37:04.000Z,0
CVE-2022-21419,https://securityvulnerability.io/vulnerability/CVE-2022-21419,Vulnerability in Oracle Business Intelligence Enterprise Edition by Oracle,"A security flaw in Oracle Business Intelligence Enterprise Edition enables an unauthenticated attacker with network access to compromise the system. Exploitation of this vulnerability may require human interaction from an individual other than the attacker, leading to the potential for unauthorized updates, inserts, or deletions of accessible data. Additionally, the impacts may extend beyond Oracle Business Intelligence Enterprise Edition to other products. The vulnerability specifically affects versions 5.5.0.0.0 and 5.9.0.0.0, allowing attackers to gain unauthorized read access to certain data.",Oracle,Business Intelligence Enterprise Edition,6.1,MEDIUM,0.00044999999227002263,false,,false,false,false,,,false,false,,2022-04-19T20:37:00.000Z,0