Lucene search
Quynh Le of VNPT ISCZDI-21-460HistoryApr 22, 2021 - 12:00 a.m.
Oracle Business Intelligence T3 Protocol Deserialization of Untrusted Data Remote Code Execution Vulnerability
2021-04-2200:00:00
Quynh Le of VNPT ISC
www.zerodayinitiative.com
22
remote code execution
unauthenticated access
t3 protocol
EPSS
0.717
Percentile
98.1%
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Oracle Business Intelligence. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of the T3 protocol. Crafted data in a T3 protocol message can trigger the deserialization of untrusted data. An attacker can leverage this vulnerability to execute code in the context of the service account.
Related
prion
prion
Design/Logic Flaw
2021-04-22 22:15:00
cvelist
cvelist
CVE-2021-2302
2021-04-22 21:54:01
cve
cve
CVE-2021-2302
2021-04-22 22:15:17
vulnrichment
vulnrichment
CVE-2021-2302
2021-04-22 21:54:01
nvd
nvd
CVE-2021-2302
2021-04-22 22:15:17
githubexploit
githubexploit
Exploit for Vulnerability in Oracle Platform Security For Java
2021-09-16 08:27:30
oracle
oracle
Oracle Critical Patch Update Advisory - April 2021
2021-04-20 00:00:00