Home/Product/oracle business intelligence
Product

oracle business intelligence

87 known vulnerabilities across versions
Vulnerabilities are listed by affected version. Select any CVE for the full briefing and its intelligence graph.
CVE-2026-21976
all versions
Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Analytics (component: Oracle Analytics Clou
7.1HIGH
 CVE-2025-53049
all versions
Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Analytics (component: Analytics Web Adminis
8.4HIGH
 CVE-2025-30759
all versions
Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Analytics (component: Platform Security).
6.1MEDIUM
 CVE-2024-21139
all versions
Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Analytics (component: Analytics Web Answers
5.4MEDIUM
 CVE-2024-21099
all versions
Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Analytics (component: Data Visualization).
4.3MEDIUM
 CVE-2024-21064
all versions
Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Analytics (component: Analytics Web Answers
5.4MEDIUM
 CVE-2024-21001
all versions
Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Analytics (component: BI Platform Security)
5.4MEDIUM
 CVE-2024-20913
all versions
Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Analytics (component: BI Platform Security)
5.4MEDIUM
 CVE-2024-20904
all versions
Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Analytics (component: Pod Admin). Supporte
5.0MEDIUM
 CVE-2023-22109
all versions
Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Analytics (component: Analytics Web Dashboa
4.6MEDIUM
 CVE-2023-22082
all versions
Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Analytics (component: Pod Admin). Supporte
5.4MEDIUM
 CVE-2023-22061
all versions
Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Analytics (component: Visual Analyzer). T
5.4MEDIUM
 CVE-2023-22027
all versions
Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Analytics (component: Analytics Server).
4.3MEDIUM
 CVE-2023-22021
all versions
Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Analytics (component: Analytics Server). S
4.3MEDIUM
 CVE-2023-22020
all versions
Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Analytics (component: Analytics Server). S
5.4MEDIUM
 CVE-2023-22013
all versions
Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Analytics (component: Analytics Server). S
4.3MEDIUM
 CVE-2023-22012
all versions
Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Analytics (component: Analytics Server).
4.3MEDIUM
 CVE-2023-22011
all versions
Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Analytics (component: Analytics Server). S
5.4MEDIUM
 CVE-2023-21965
all versions
Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Analytics (component: Analytics Server).
5.7MEDIUM
 CVE-2023-21952
all versions
Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Analytics (component: Analytics Server).
5.7MEDIUM
 CVE-2023-21910
all versions
Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Analytics (component: Analytics Web General
6.5MEDIUM
 CVE-2023-21892
all versions
Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Fusion Middleware (component: Visual Analyz
5.4MEDIUM
 CVE-2023-21891
all versions
Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Fusion Middleware (component: Visual Analyz
5.4MEDIUM
 CVE-2023-21861
all versions
Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Fusion Middleware (component: Visual Analyz
5.4MEDIUM
 CVE-2022-21609
all versions
Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Fusion Middleware (component: Analytics Ser
5.7MEDIUM
 CVE-2020-19586
all versions
Incorrect Access Control issue in Yellowfin Business Intelligence 7.3 allows remote attackers to escalate privilege via MIAdminSty
9.0CRITICAL
 CVE-2022-21492
all versions
Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Fusion Middleware (component: Analytics Ser
6.1MEDIUM
 CVE-2022-21448
all versions
Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Fusion Middleware (component: Visual Analyz
6.1MEDIUM
 CVE-2022-21421
all versions
Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Fusion Middleware (component: Analytics Web
7.5HIGH
 CVE-2022-21419
all versions
Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Fusion Middleware (component: Visual Analyz
6.1MEDIUM
 CVE-2022-23307
all versions
CVE-2020-9493 identified a deserialization issue that was present in Apache Chainsaw. Prior to Chainsaw V2.0 Chainsaw was a compon
8.8HIGH
 CVE-2022-23305
all versions
By design, the JDBCAppender in Log4j 1.2.x accepts an SQL statement as a configuration parameter where the values to be inserted a
9.8CRITICAL
 CVE-2022-23302
all versions
JMSSink in all versions of Log4j 1.x is vulnerable to deserialization of untrusted data when the attacker has write access to the
8.8HIGH
 CVE-2021-45105
all versions
Apache Log4j2 versions 2.0-alpha1 through 2.16.0 (excluding 2.12.3 and 2.3.1) did not protect from uncontrolled recursion from sel
5.9MEDIUM
 CVE-2021-4104
all versions
JMSAppender in Log4j 1.2 is vulnerable to deserialization of untrusted data when the attacker has write access to the Log4j config
7.5HIGH
 CVE-2021-2456
all versions
Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Fusion Middleware (component: Analytics Web
9.8CRITICAL
 CVE-2021-30468
all versions
A vulnerability in the JsonMapObjectReaderWriter of Apache CXF allows an attacker to submit malformed JSON to a web service, which
7.5HIGH
 CVE-2021-2191
all versions
Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Fusion Middleware (component: Analytics Act
5.4MEDIUM
 CVE-2021-2152
all versions
Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Fusion Middleware (component: Analytics Web
4.0MEDIUM
 CVE-2021-22696
all versions
CXF supports (via JwtRequestCodeFilter) passing OAuth 2 parameters via a JWT token as opposed to query parameters (see: The OAuth
7.5HIGH
 CVE-2021-23841
all versions
The OpenSSL public API function X509_issuer_and_serial_hash() attempts to create a unique hash value based on the issuer and seria
5.9MEDIUM
 CVE-2021-23840
all versions
Calls to EVP_CipherUpdate, EVP_EncryptUpdate and EVP_DecryptUpdate may overflow the output length argument in some cases where the
7.5HIGH
 CVE-2021-23839
all versions
OpenSSL 1.0.2 supports SSLv2. If a client attempts to negotiate SSLv2 with a server that is configured to support both SSLv2 and m
3.7LOW
 CVE-2021-2041
all versions
Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Fusion Middleware (component: Installation)
8.1HIGH
 CVE-2021-2025
all versions
Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Fusion Middleware (component: Analytics Web
8.2HIGH
 CVE-2021-2005
all versions
Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Fusion Middleware (component: BI Platform S
4.7MEDIUM
 CVE-2021-2003
all versions
Vulnerability in the Business Intelligence Enterprise Edition product of Oracle Fusion Middleware (component: Analytics Web Dashbo
5.4MEDIUM
 CVE-2020-17530
all versions
Forced OGNL evaluation, when evaluated on raw user input in tag attributes, may lead to remote code execution. Affected software :
9.8CRITICAL
 CVE-2020-1971
all versions
The X.509 GeneralName type is a generic type for representing different types of names. One of those name types is known as EDIPar
5.9MEDIUM
 CVE-2019-17566
all versions
Apache Batik is vulnerable to server-side request forgery, caused by improper input validation by the "xlink:href" attributes. By
7.5HIGH
 CVE-2020-13954
all versions
By default, Apache CXF creates a /services page containing a listing of the available endpoint names and addresses. This webpage i
6.1MEDIUM
 CVE-2020-14864
all versions
Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Fusion Middleware (component: Installation)
7.5HIGH
 CVE-2020-14843
all versions
Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Fusion Middleware (component: Analytics Act
7.1HIGH
 CVE-2020-14815
all versions
Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Fusion Middleware (component: Analytics Act
8.2HIGH
 CVE-2020-14766
all versions
Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Fusion Middleware (component: Analytics Web
7.1HIGH
 CVE-2020-14690
all versions
Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Fusion Middleware (component: Analytics Act
8.2HIGH
 CVE-2020-14626
all versions
Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Fusion Middleware (component: Analytics Web
8.1HIGH
 CVE-2020-14609
all versions
Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Fusion Middleware (component: Analytics Web
8.6HIGH
 CVE-2020-14548
all versions
Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Fusion Middleware (component: Analytics Web
3.4LOW
 CVE-2020-9480
all versions
In Apache Spark 2.4.5 and earlier, a standalone resource manager's master may be configured to require authentication (spark.authe
9.8CRITICAL
 CVE-2020-11023
all versions
In jQuery versions greater than or equal to 1.0.3 and before 3.5.0, passing HTML containing <option> elements from untrusted sourc
6.9MEDIUM
 CVE-2020-2950
all versions
Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Fusion Middleware (component: Analytics Web
9.8CRITICAL
 CVE-2020-2537
all versions
Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Fusion Middleware (component: Analytics Act
7.1HIGH
 CVE-2020-2535
all versions
Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Fusion Middleware (component: Analytics Ser
4.7MEDIUM
 CVE-2020-2531
all versions
Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Fusion Middleware (component: BI Platform S
3.1LOW
 CVE-2019-14862
all versions
There is a vulnerability in knockout before version 3.5.0-beta, where after escaping the context of the web application, the web a
6.1MEDIUM
 CVE-2019-10219
all versions
A vulnerability was found in Hibernate-Validator. The SafeHtml validator annotation fails to properly sanitize payloads consisting
6.1MEDIUM
 CVE-2019-3012
all versions
Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Fusion Middleware (component: BI Platform S
5.3MEDIUM
 CVE-2019-2905
all versions
Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Fusion Middleware (component: Installation)
8.6HIGH
 CVE-2019-2900
all versions
Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Fusion Middleware (component: Analytics Act
7.5HIGH
 CVE-2019-2897
all versions
Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Fusion Middleware (component: Analytics Act
6.4MEDIUM
 CVE-2019-2605
all versions
Vulnerability in the Oracle Business Intelligence Enterprise Edition component of Oracle Fusion Middleware (subcomponent: Web Cata
3.4LOW
 CVE-2019-1559
all versions
If an application encounters a fatal protocol error and then calls SSL_shutdown() twice (once to send a close_notify, and once to
5.9MEDIUM
 CVE-2018-3204
all versions
Vulnerability in the Oracle Business Intelligence Enterprise Edition component of Oracle Fusion Middleware (subcomponent: Analytic
8.2HIGH
 CVE-2018-8013
all versions
In Apache Batik 1.x before 1.10, when deserializing subclass of AbstractDocument, the class takes a string from the inputStream
9.8CRITICAL
 CVE-2018-2715
all versions
Vulnerability in the Oracle Business Intelligence Enterprise Edition component of Oracle Fusion Middleware (subcomponent: BI Platf
6.5MEDIUM
 CVE-2017-10068
all versions
Vulnerability in the Oracle Business Intelligence Enterprise Edition component of Oracle Fusion Middleware (subcomponent: Analytic
8.2HIGH
 CVE-2017-10163
all versions
Vulnerability in the Oracle Business Intelligence Enterprise Edition component of Oracle Fusion Middleware (subcomponent: Analytic
6.3MEDIUM
 CVE-2017-10060
all versions
Vulnerability in the Oracle Business Intelligence Enterprise Edition component of Oracle Fusion Middleware (subcomponent: Analytic
8.2HIGH
 CVE-2017-10058
all versions
Vulnerability in the Oracle Business Intelligence Enterprise Edition component of Oracle Fusion Middleware (subcomponent: Analytic
6.9MEDIUM
 CVE-2016-7103
all versions
Cross-site scripting (XSS) vulnerability in jQuery UI before 1.12.0 might allow remote attackers to inject arbitrary web script or
6.1MEDIUM
 CVE-2016-3544
all versions
Unspecified vulnerability in the Oracle Business Intelligence Enterprise Edition component in Oracle Fusion Middleware 11.1.1.7.0,
7.6HIGH
 CVE-2016-3446
all versions
Unspecified vulnerability in the Oracle Business Intelligence Enterprise Edition component in Oracle Fusion Middleware 11.1.1.7.0
8.3HIGH
 CVE-2016-3433
all versions
Unspecified vulnerability in the Oracle Business Intelligence Enterprise Edition component in Oracle Fusion Middleware 11.1.1.7.0
5.4MEDIUM
 CVE-2016-0479
all versions
Unspecified vulnerability in the Oracle Business Intelligence Enterprise Edition component in Oracle Fusion Middleware 11.1.1.7.0,
6.1MEDIUM
 CVE-2016-0468
all versions
Unspecified vulnerability in the Oracle Business Intelligence Enterprise Edition component in Oracle Fusion Middleware 11.1.1.7.0,
5.4MEDIUM
 CVE-2014-7325
all versions
The Business Intelligence (aka com.magzter.businessintelligence) application 3.0 for Android does not verify X.509 certificates fr
Vulnerabilities
CISA KEV catalog
CWE weaknesses
CAPEC attack patterns
Package vulnerabilities
Threat intelligence
Threat actors
Tools & malware
ATT&CK techniques
IOCs
Detection & defense
Sigma rules
YARA rules
Atomic Red Team tests
D3FEND countermeasures
Compliance
NIST 800-53
ISO 27001:2022
SOC 2 TSC
PCI-DSS v4.0
CIS Controls v8.1
About
All capabilities
Live statistics
Data sources
Privacy policy
Terms of service
threatengine.sh  ·  Open-source threat intelligence platform  ·  100+ authoritative sources  ·  Every fact traces to its origin