Vulnerability in the Oracle Business Intelligence Enterprise Edition component of Oracle Fusion Middleware (subcomponent: BI Platform Security). Supported versions that are affected are 12.2.1.2.0 and 12.2.1.3.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Business Intelligence Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Business Intelligence Enterprise Edition accessible data. CVSS 3.0 Base Score 6.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N).

Metrics

No CVSS v4.0

No CVSS v3.1

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction None

Access Vector Network

Access Complexity Low

Authentication Single

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

AV:N/AC:L/Au:S/C:P/I:N/A:N

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Affected Vendors & Products

Vendors Products
Oracle
  • Business Intelligence

Configuration 1 [-]

OR cpe:2.3:a:oracle:business_intelligence:12.2.1.2.0:*:*:*:enterprise:*:*:*
cpe:2.3:a:oracle:business_intelligence:12.2.1.3.0:*:*:*:enterprise:*:*:*

No data.

References
Link Providers
http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html cve-icon cve-icon
http://www.securityfocus.com/bid/102558 cve-icon cve-icon
http://www.securitytracker.com/id/1040207 cve-icon cve-icon
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: oracle

Published: 2018-01-18T02:00:00

Updated: 2024-08-05T04:29:44.454Z

Reserved: 2017-12-15T00:00:00

Link: CVE-2018-2715

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Analyzed

Published: 2018-01-18T02:29:24.647

Modified: 2020-08-24T17:37:01.140

Link: CVE-2018-2715

cve-icon Redhat

No data.