HTTP: Oracle Business Intelligence UploadFndDBCPage Arbitrary File Upload

This signature detects attempts to exploit a known vulnerability against Oracle Business Intelligence. A successful attack can lead to remote file inclusion.

Extended Description

This vulnerability is in the Oracle BI Publisher product of Oracle Fusion Middleware (component: BI Publisher Security). The affected supported versions are 5.5.0.0.0, 11.1.1.9.0, 12.2.1.3.0 and 12.2.1.4.0. The vulnerability is easily exploitable and allows a low-privileged attacker with network access via HTTP to compromise Oracle BI Publisher. Successful attacks can result in takeover of Oracle BI Publisher. CVSS 3.1 Base Score: 8.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H.

Affected Products

Oracle bi_publisher

Short Name: HTTP:ORACLE:BI-DBC-FILE-UPLOAD
Severity: Critical
Recommended: True
Recommended Action: Drop
Category: HTTP
Keywords: Arbitrary Business CVE-2021-2392 File Intelligence Oracle Upload UploadFndDBCPage
Release Date: 08/24/2021
Supported Platforms

srx-branch-12.3

srx-19.3

srx-branch-19.3

vsrx3bsd-19.2

srx-branch-19.4

vsrx-19.4

mx-12.3

mx-19.4

vmx-19.4

mx-19.3

vsrx3bsd-19.4

srx-19.4

vsrx-12.3

vmx-19.3

vsrx-19.2

srx-12.3

Sigpack Version: 3412
False Positive: Unknown
Vendors

Oracle

CVSS Score

9.0
