Tor E. Bjørstad has been credited by Oracle for reporting CVE-2017-10060, which is a denial of service vulnerability in Oracle Business Intelligence Enterprise Edition (OBIEE), part of Oracle Fusion Middleware.
The vulnerability was reported to Oracle in mid-July, and is being fixed as part of Oracle’s quarterly Critical Patch Update for October.
An application user can cause resource exhaustion by sending a specially crafted request to the OBIEE server. This leads to an immediate application-layer denial of service condition.
CVSSv3 Base Score: 8.2 (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:H)
mnemonic recommends that companies using OBIEE apply the new patch in order to mitigate the vulnerability. The vulnerability affects OBIEE versions 184.108.40.206.0, 220.127.116.11.0, 18.104.22.168.0, and 22.214.171.124.0.
For more information, see: Oracle Critical Patch Update Advisory - October 2017: http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html