ZDI-21-883
Jul 22, 2021 - 12:00 a.m.

Oracle Business Intelligence UploadFndDBCPage Arbitrary File Upload Remote Code Execution Vulnerability

2021-07-22 00:00:00
kpc
www.zerodayinitiative.com
vulnerability
remote code execution
oracle business intelligence
uploadfnddbcpage
arbitrary file upload
authentication

EPSS: 0.043 (percentile: 92.3%)

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Oracle Business Intelligence. Authentication is required to exploit this vulnerability. The specific flaw exists within the processing of the UploadFndDBCPage class. The issue results from the lack of proper validation of user-supplied data, which can allow the upload of arbitrary files. An attacker can leverage this vulnerability to execute code in the context of the service account.
