Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

nvd логотип

CVE-2025-53049

Опубликовано: 21 окт. 2025
Источник: nvd
CVSS3: 8.4
EPSS Низкий

Описание

Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Analytics (component: Analytics Web Administration). Supported versions that are affected are 7.6.0.0.0 and 8.2.0.0.0. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle Business Intelligence Enterprise Edition. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Business Intelligence Enterprise Edition, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in takeover of Oracle Business Intelligence Enterprise Edition. CVSS 3.1 Base Score 8.4 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H).

Ссылки

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:oracle:business_intelligence:7.6.0.0.0:*:*:*:enterprise:*:*:*
cpe:2.3:a:oracle:business_intelligence:8.2.0.0.0:*:*:*:enterprise:*:*:*

EPSS

Процентиль: 27%
0.00094
Низкий

8.4 High

CVSS3

Дефекты

CWE-284

Связанные уязвимости

github логотип

GHSA-mh5q-j594-mf39

CVSS3: 8.4
github
4 месяца назад

Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Analytics (component: Analytics Web Administration). Supported versions that are affected are 7.6.0.0.0 and 8.2.0.0.0. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle Business Intelligence Enterprise Edition. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Business Intelligence Enterprise Edition, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in takeover of Oracle Business Intelligence Enterprise Edition. CVSS 3.1 Base Score 8.4 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H).

fstec логотип

BDU:2025-15851

CVSS3: 8.4
fstec
4 месяца назад

Уязвимость компонента Analytics Web Administration программной платформы Oracle Business Intelligence Enterprise Edition, позволяющая нарушителю оказать воздействие на конфиденциальность, целостность и доступность данных

EPSS

Процентиль: 27%
0.00094
Низкий

8.4 High

CVSS3

Дефекты

CWE-284