Vulnerabilities > Oracle > Business Intelligence > 12.2.1.4.0
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-04-22 | CVE-2021-2152 | Unspecified vulnerability in Oracle Business Intelligence Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Fusion Middleware (component: Analytics Web General). | 3.6 |
| 2021-04-02 | CVE-2021-22696 | Server-Side Request Forgery (SSRF) vulnerability in multiple products CXF supports (via JwtRequestCodeFilter) passing OAuth 2 parameters via a JWT token as opposed to query parameters (see: The OAuth 2.0 Authorization Framework: JWT Secured Authorization Request (JAR)). | 7.5 |
| 2021-02-16 | CVE-2021-23841 | NULL Pointer Dereference vulnerability in multiple products The OpenSSL public API function X509_issuer_and_serial_hash() attempts to create a unique hash value based on the issuer and serial number data contained within an X509 certificate. | 5.9 |
| 2021-02-16 | CVE-2021-23840 | Integer Overflow or Wraparound vulnerability in multiple products Calls to EVP_CipherUpdate, EVP_EncryptUpdate and EVP_DecryptUpdate may overflow the output length argument in some cases where the input length is close to the maximum permissable length for an integer on the platform. | 7.5 |
| 2021-02-16 | CVE-2021-23839 | Use of a Broken or Risky Cryptographic Algorithm vulnerability in multiple products OpenSSL 1.0.2 supports SSLv2. | 3.7 |
| 2021-01-20 | CVE-2021-2041 | Unspecified vulnerability in Oracle Business Intelligence 12.2.1.3.0/12.2.1.4.0 Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Fusion Middleware (component: Installation). network oracle | 6.8 |
| 2021-01-20 | CVE-2021-2025 | Unspecified vulnerability in Oracle Business Intelligence Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Fusion Middleware (component: Analytics Web General). network oracle | 5.8 |
| 2021-01-20 | CVE-2021-2005 | Unspecified vulnerability in Oracle Business Intelligence 12.2.1.3.0/12.2.1.4.0 Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Fusion Middleware (component: BI Platform Security). network oracle | 4.3 |
| 2021-01-20 | CVE-2021-2003 | Unspecified vulnerability in Oracle Business Intelligence Vulnerability in the Business Intelligence Enterprise Edition product of Oracle Fusion Middleware (component: Analytics Web Dashboards). network oracle | 4.9 |
| 2020-12-11 | CVE-2020-17530 | Expression Language Injection vulnerability in multiple products Forced OGNL evaluation, when evaluated on raw user input in tag attributes, may lead to remote code execution. | 7.5 |