CVE-2026-21976

Опубликовано: 20 янв. 2026

Источник: nvd

CVSS3: 7.1

EPSS Низкий

Описание

Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Analytics (component: Oracle Analytics Cloud). Supported versions that are affected are 7.6.0.0.0 and 8.2.0.0.0. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Business Intelligence Enterprise Edition executes to compromise Oracle Business Intelligence Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Business Intelligence Enterprise Edition accessible data as well as unauthorized access to critical data or complete access to all Oracle Business Intelligence Enterprise Edition accessible data. CVSS 3.1 Base Score 7.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N).

Ссылки

https://www.oracle.com/security-alerts/cpujan2026.html
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:oracle:business_intelligence:7.6.0.0.0:*:*:*:enterprise:*:*:*

cpe:2.3:a:oracle:business_intelligence:8.2.0.0.0:*:*:*:enterprise:*:*:*

EPSS

Процентиль: 12%

0.00041

Низкий

7.1 High

CVSS3

Дефекты

NVD-CWE-noinfo

Связанные уязвимости

GHSA-w9mj-mcph-h88j

CVSS3: 7.1

github

14 дней назад

BDU:2026-00689

CVSS3: 7.1

fstec

15 дней назад

Уязвимость компонента Oracle Analytics Cloud программной платформы Oracle Business Intelligence Enterprise Edition, позволяющая нарушителю получить доступ на чтение, изменение и удаление данных

EPSS

Процентиль: 12%

0.00041

Низкий

7.1 High

CVSS3

Дефекты

NVD-CWE-noinfo