Vulnerability discovered in Oracle Business Intelligence Enterprise Edition (CVE-2017-10060)
mnemonic discovers a denial of service vulnerability in Oracle’s Business Intelligence platform.
Tor E. Bjørstad has been credited by Oracle for reporting CVE-2017-10060, which is a denial of service vulnerability in Oracle Business Intelligence Enterprise Edition (OBIEE), part of Oracle Fusion Middleware.
The vulnerability was reported to Oracle in mid-July, and is being fixed as part of Oracle’s quarterly Critical Patch Update for October.
CVE-2017-10060
An application user can cause resource exhaustion by sending a specially crafted request to the OBIEE server. This leads to an immediate application-layer denial of service condition.
CVSSv3 Base Score: 8.2 (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:H)
mnemonic recommends that companies using OBIEE apply the new patch in order to mitigate the vulnerability. The vulnerability affects OBIEE versions 11.1.1.7.0, 11.1.1.9.0, 12.2.1.1.0, and 12.2.1.2.0.
For more information, see: Oracle Critical Patch Update Advisory - October 2017: http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html