zdi
Quynh Le of VNPT ISC
ZDI-21-884
Jul 22, 2021 - 12:00 a.m.

Oracle Business Intelligence UpdateConnectionServlet JNDI Injection Remote Code Execution Vulnerability

2021-07-22 00:00:00
Quynh Le of VNPT ISC
www.zerodayinitiative.com
oracle business intelligence
updateconnectionservlet
jndi injection
remote code execution
vulnerability
authentication
lack of validation
user-supplied data
java code
service account context

EPSS: 0.114

Percentile: 95.2%

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Oracle Business Intelligence. Authentication is required to exploit this vulnerability. The specific flaw exists within the UpdateConnectionServlet class. The issue results from the lack of proper validation of user-supplied data, which can result in execution of arbitrary Java code. An attacker can leverage this vulnerability to execute code in the context of the service account.
