cnvd-2022-33106
Vulnerability from cnvd
Title
Unspecified vulnerability in Oracle Fusion Middleware and Oracle Business Intelligence Enterprise Edition (CNVD-2022-33106)
Description
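Oracle Fusion Middleware and Oracle Business Intelligence Enterprise Edition are both products of Oracle Corporation (USA). Oracle Fusion Middleware is a business innovation platform for enterprise and cloud environments. The platform provides middleware, software suites, and related functionality. Oracle Business Intelligence Enterprise Edition is business intelligence analytics software. It performs visual analysis of enterprise data to support decision-making, lower total cost of ownership, and improve return on investment across the organization. A security vulnerability exists in the Oracle Business Intelligence Enterprise Edition product of Oracle Fusion Middleware. It allows an unauthenticated attacker with network access via HTTP to compromise Oracle Business Intelligence Enterprise Edition. Successful attacks require human interaction from a person other than the attacker, and while the vulnerability is in Oracle Business Intelligence Enterprise Edition, attacks may significantly impact additional products (scope change). An attacker can exploit the vulnerability to gain unauthorized update, insert, or delete access to some Oracle Business Intelligence Enterprise Edition accessible data, as well as unauthorized read access to a subset of Oracle Business Intelligence Enterprise Edition accessible data.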
Severity
Patch Name
Patch for the unspecified vulnerability in Oracle Fusion Middleware and Oracle Business Intelligence Enterprise Edition (CNVD-2022-33106)
Patch Description
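Oracle Fusion Middleware and Oracle Business Intelligence Enterprise Edition are both products of Oracle Corporation (USA). Oracle Fusion Middleware is a business innovation platform for enterprise and cloud environments. The platform provides middleware, software suites, and related functionality. Oracle Business Intelligence Enterprise Edition is business intelligence analytics software. It performs visual analysis of enterprise data to support decision-making, lower total cost of ownership, and improve return on investment across the organization. A security vulnerability exists in the Oracle Business Intelligence Enterprise Edition product of Oracle Fusion Middleware. It allows an unauthenticated attacker with network access via HTTP to compromise Oracle Business Intelligence Enterprise Edition. Successful attacks require human interaction from a person other than the attacker, and while the vulnerability is in Oracle Business Intelligence Enterprise Edition, attacks may significantly impact additional products (scope change). An attacker can exploit the vulnerability to gain unauthorized update, insert, or delete access to some Oracle Business Intelligence Enterprise Edition accessible data, as well as unauthorized read access to a subset of Oracle Business Intelligence Enterprise Edition accessible data. The vendor has released a security advisory and related patch information that fix this vulnerability.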
Formal description

The vendor has released an upgrade patch that fixes the vulnerability. Patch link: https://www.oracle.com/security-alerts/cpuapr2022.html

Reference
https://nvd.nist.gov/vuln/detail/CVE-2022-21492
Impacted products
Name
Oracle Business Intelligence Enterprise Edition product of Oracle Fusion Middleware


{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2022-21492"
    }
  },
  "description": "Oracle Fusion Middleware\uff08Oracle\u878d\u5408\u4e2d\u95f4\u4ef6\uff09\u548cOracle Business Intelligence Enterprise Edition\u90fd\u662f\u7f8e\u56fd\u7532\u9aa8\u6587\uff08Oracle\uff09\u516c\u53f8\u7684\u4ea7\u54c1\u3002Oracle Fusion Middleware\u662f\u4e00\u5957\u9762\u5411\u4f01\u4e1a\u548c\u4e91\u73af\u5883\u7684\u4e1a\u52a1\u521b\u65b0\u5e73\u53f0\u3002\u8be5\u5e73\u53f0\u63d0\u4f9b\u4e86\u4e2d\u95f4\u4ef6\u3001\u8f6f\u4ef6\u96c6\u5408\u7b49\u529f\u80fd\u3002Oracle Business Intelligence Enterprise Edition\u662f\u4e00\u6b3e\u667a\u80fd\u5546\u4e1a\u5206\u6790\u8f6f\u4ef6\u3002\u5bf9\u4f01\u4e1a\u6570\u636e\u8fdb\u884c\u53ef\u89c6\u5316\u5206\u6790\uff0c\u4ece\u800c\u8f85\u52a9\u51b3\u7b56\u3001\u964d\u4f4e\u603b\u4f53\u62e5\u6709\u6210\u672c\u5e76\u63d0\u9ad8\u6574\u4e2a\u7ec4\u7ec7\u7684\u6295\u8d44\u56de\u62a5\u7387\u3002\n\nOracle Business Intelligence Enterprise Edition product of Oracle Fusion Middleware\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u5141\u8bb8\u672a\u7ecf\u8eab\u4efd\u9a8c\u8bc1\u7684\u653b\u51fb\u8005\u901a\u8fc7 HTTP \u8fdb\u884c\u7f51\u7edc\u8bbf\u95ee\uff0c\u4ece\u800c\u7834\u574f Oracle \u5546\u4e1a\u667a\u80fd\u4f01\u4e1a\u7248\u3002\u6210\u529f\u7684\u653b\u51fb\u9700\u8981\u6765\u81ea\u653b\u51fb\u8005\u4ee5\u5916\u7684\u5176\u4ed6\u4eba\u7684\u4eba\u5de5\u4ea4\u4e92\uff0c\u5e76\u4e14\u867d\u7136\u6f0f\u6d1e\u5b58\u5728\u4e8e Oracle \u5546\u4e1a\u667a\u80fd\u4f01\u4e1a\u7248\u4e2d\uff0c\u4f46\u653b\u51fb\u53ef\u80fd\u4f1a\u663e\u7740\u5f71\u54cd\u5176\u4ed6\u4ea7\u54c1\uff08\u8303\u56f4\u66f4\u6539\uff09\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u5bf9\u67d0\u4e9bOracle Business Intelligence Enterprise Edition\u53ef\u8bbf\u95ee\u6570\u636e\u7684\u672a\u7ecf\u6388\u6743\u7684\u66f4\u65b0\u3001\u63d2\u5165\u6216\u5220\u9664\u8bbf\u95ee\uff0c\u4ee5\u53ca\u5bf9 Oracle Business Intelligence Enterprise Edition 
\u53ef\u8bbf\u95ee\u6570\u636e\u7684\u5b50\u96c6\u7684\u672a\u7ecf\u6388\u6743\u7684\u8bfb\u53d6\u8bbf\u95ee\u3002",
  "formalWay": "\u76ee\u524d\u5382\u5546\u5df2\u53d1\u5e03\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u6f0f\u6d1e\uff0c\u8865\u4e01\u83b7\u53d6\u94fe\u63a5\uff1a\r\nhttps://www.oracle.com/security-alerts/cpuapr2022.html",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2022-33106",
  "openTime": "2022-04-24",
  "patchDescription": "Oracle Fusion Middleware\uff08Oracle\u878d\u5408\u4e2d\u95f4\u4ef6\uff09\u548cOracle Business Intelligence Enterprise Edition\u90fd\u662f\u7f8e\u56fd\u7532\u9aa8\u6587\uff08Oracle\uff09\u516c\u53f8\u7684\u4ea7\u54c1\u3002Oracle Fusion Middleware\u662f\u4e00\u5957\u9762\u5411\u4f01\u4e1a\u548c\u4e91\u73af\u5883\u7684\u4e1a\u52a1\u521b\u65b0\u5e73\u53f0\u3002\u8be5\u5e73\u53f0\u63d0\u4f9b\u4e86\u4e2d\u95f4\u4ef6\u3001\u8f6f\u4ef6\u96c6\u5408\u7b49\u529f\u80fd\u3002Oracle Business Intelligence Enterprise Edition\u662f\u4e00\u6b3e\u667a\u80fd\u5546\u4e1a\u5206\u6790\u8f6f\u4ef6\u3002\u5bf9\u4f01\u4e1a\u6570\u636e\u8fdb\u884c\u53ef\u89c6\u5316\u5206\u6790\uff0c\u4ece\u800c\u8f85\u52a9\u51b3\u7b56\u3001\u964d\u4f4e\u603b\u4f53\u62e5\u6709\u6210\u672c\u5e76\u63d0\u9ad8\u6574\u4e2a\u7ec4\u7ec7\u7684\u6295\u8d44\u56de\u62a5\u7387\u3002\r\n\r\nOracle Business Intelligence Enterprise Edition product of Oracle Fusion Middleware\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u5141\u8bb8\u672a\u7ecf\u8eab\u4efd\u9a8c\u8bc1\u7684\u653b\u51fb\u8005\u901a\u8fc7 HTTP \u8fdb\u884c\u7f51\u7edc\u8bbf\u95ee\uff0c\u4ece\u800c\u7834\u574f Oracle \u5546\u4e1a\u667a\u80fd\u4f01\u4e1a\u7248\u3002\u6210\u529f\u7684\u653b\u51fb\u9700\u8981\u6765\u81ea\u653b\u51fb\u8005\u4ee5\u5916\u7684\u5176\u4ed6\u4eba\u7684\u4eba\u5de5\u4ea4\u4e92\uff0c\u5e76\u4e14\u867d\u7136\u6f0f\u6d1e\u5b58\u5728\u4e8e Oracle \u5546\u4e1a\u667a\u80fd\u4f01\u4e1a\u7248\u4e2d\uff0c\u4f46\u653b\u51fb\u53ef\u80fd\u4f1a\u663e\u7740\u5f71\u54cd\u5176\u4ed6\u4ea7\u54c1\uff08\u8303\u56f4\u66f4\u6539\uff09\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u5bf9\u67d0\u4e9bOracle Business Intelligence Enterprise Edition\u53ef\u8bbf\u95ee\u6570\u636e\u7684\u672a\u7ecf\u6388\u6743\u7684\u66f4\u65b0\u3001\u63d2\u5165\u6216\u5220\u9664\u8bbf\u95ee\uff0c\u4ee5\u53ca\u5bf9 Oracle Business Intelligence Enterprise Edition 
\u53ef\u8bbf\u95ee\u6570\u636e\u7684\u5b50\u96c6\u7684\u672a\u7ecf\u6388\u6743\u7684\u8bfb\u53d6\u8bbf\u95ee\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Oracle Fusion Middleware\u548cOracle Business Intelligence Enterprise Edition\u5b58\u5728\u672a\u660e\u6f0f\u6d1e\uff08CNVD-2022-33106\uff09\u7684\u8865\u4e01",
  "products": {
    "product": "Oracle Business Intelligence Enterprise Edition product of Oracle Fusion Middleware"
  },
  "referenceLink": "https://nvd.nist.gov/vuln/detail/CVE-2022-21492",
  "serverity": "\u4e2d",
  "submitTime": "2022-04-20",
  "title": "Oracle Fusion Middleware\u548cOracle Business Intelligence Enterprise Edition\u5b58\u5728\u672a\u660e\u6f0f\u6d1e\uff08CNVD-2022-33106\uff09"
}

