HTTP: Oracle Business Intelligence Enterprise Edition Cross Site Scripting

This signature detects attempts to exploit a known cross-site scripting vulnerability in Oracle Business Intelligence. The vulnerability is due to insufficient validation of user-supplied input. Attackers can steal cookie-based authentication credentials and launch other attacks.

Extended Description

Unspecified vulnerability in the Oracle Business Intelligence Enterprise Edition component in Oracle Fusion Middleware 11.1.1.6 and other versions allows remote attackers to affect integrity via unknown vectors related to Installation.

Affected Products

Oracle fusion_middleware

References

BugTraq: 56026

CVE: CVE-2012-1686

Short Name: HTTP:XSS:ORACLE-BIEE-XSS
Severity: Major
Recommended: False
Recommended Action: Drop
Category: HTTP
Keywords: Business CVE-2012-1686 Cross Edition Enterprise Intelligence Oracle Scripting Site bid:56026
Release Date: 01/14/2013
Supported Platforms

srx-branch-12.3

srx-19.3

srx-branch-19.3

vsrx3bsd-19.2

srx-branch-19.4

vsrx-19.4

mx-12.3

mx-19.4

vmx-19.4

mx-19.3

vsrx3bsd-19.4

srx-19.4

vsrx-12.3

vmx-19.3

vsrx-19.2

srx-12.3

Sigpack Version: 3375
False Positive: Unknown
Vendors

Oracle

CVSS Score

4.3
