Hillstone Networks

RULE（RULE ID：713919）

Rule General Information


Release Date:		2020-05-07

Rule Name:		Oracle Business Intelligence BIRemotingServlet AMF Insecure Deserialization Vulnerability -2 (CVE-2020-2950)

Severity:

CVE ID:

Rule Protection Details


Description:		Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Fusion Middleware (component: Analytics Web General). Supported versions that are affected are 5.5.0.0.0, 11.1.1.9.0, 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Business Intelligence Enterprise Edition. Successful attacks of this vulnerability can result in takeover of Oracle Business Intelligence Enterprise Edition.

Impact:		An attacker could exploit this vulnerability to have unspecified effect.

Affected OS:		Windows, Linux, FreeBSD, Solaris, Other Unix, Mac OS

Reference:		https://www.oracle.com/security-alerts/cpuapr2020.html ZeroDayInitiative:ZDI-20-505

Solutions

The vendors have released upgrade patches to fix vulnerabilities, please visit:
https://www.oracle.com/security-alerts/cpuapr2020.html