CVE-2021-2025

8.2 HIGH

📋 TL;DR

An unauthenticated attacker can exploit this vulnerability in Oracle Business Intelligence Enterprise Edition via HTTP to gain unauthorized access to critical data. The attack requires human interaction from someone other than the attacker and can impact additional products beyond the vulnerable component. Affected versions include 5.5.0.0.0, 11.1.1.9.0, 12.2.1.3.0, and 12.2.1.4.0.

💻 Affected Systems

Products:
  • Oracle Business Intelligence Enterprise Edition
Versions: 5.5.0.0.0, 11.1.1.9.0, 12.2.1.3.0, 12.2.1.4.0
Operating Systems: All supported platforms
Default Config Vulnerable: ⚠️ Yes
Notes: Vulnerability exists in Analytics Web General component. Requires network access via HTTP and human interaction from someone other than the attacker.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete compromise of all Oracle BI accessible data including unauthorized access, modification, insertion, or deletion of sensitive business intelligence information.

🟠 Likely Case

Unauthorized access to critical business intelligence data and partial data manipulation capabilities.

🟢 If Mitigated

Limited impact if proper network segmentation and access controls prevent unauthenticated HTTP access to vulnerable systems.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

CVSS indicates easily exploitable (AC:L) and requires user interaction (UI:R). No public exploit code identified in references.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Apply patches from Oracle Critical Patch Update Advisory - January 2021

Vendor Advisory: https://www.oracle.com/security-alerts/cpujan2021.html

Restart Required: Yes

Instructions:

1. Download appropriate patch from Oracle Support.
2. Apply patch according to Oracle documentation.
3. Restart affected services.
4. Verify patch application.

🔧 Temporary Workarounds

Network Access Restriction (Linux, iptables)

Restrict network access to Oracle BI systems to trusted IP addresses only. Replace trusted_network with the trusted source address or CIDR range, and adjust the ports if the BI front end listens on ports other than 80/443. The ACCEPT rules must come before the DROP rules in the chain, so append them in this order (or use -I to insert them ahead of existing rules):

  # allow HTTP/HTTPS only from the trusted source range
  iptables -A INPUT -p tcp --dport 80 -s trusted_network -j ACCEPT
  iptables -A INPUT -p tcp --dport 443 -s trusted_network -j ACCEPT
  # drop HTTP/HTTPS from every other source
  iptables -A INPUT -p tcp --dport 80 -j DROP
  iptables -A INPUT -p tcp --dport 443 -j DROP

Web Application Firewall (all platforms)

Deploy a WAF in front of the Oracle BI web front end with rules to detect and block exploitation attempts.

🧯 If You Can't Patch

  • Isolate vulnerable systems in separate network segment with strict access controls
  • Implement multi-factor authentication and monitor for suspicious access patterns

🔍 How to Verify

Check if Vulnerable:

Check Oracle BI version against affected versions list. Review Oracle patch application logs.

Check Version:

Check Oracle BI version through administration console or configuration files

Verify Fix Applied:

Verify patch version from Oracle documentation. Check that Critical Patch Update for January 2021 is applied.

📡 Detection & Monitoring

Log Indicators:

  • Unauthorized access attempts to Analytics Web General component
  • Unusual data access patterns from unauthenticated sources

Network Indicators:

  • HTTP requests to Oracle BI endpoints from untrusted sources
  • Unusual traffic patterns to port 80/443 on Oracle BI servers

SIEM Query:

source="oracle_bi_logs" AND (event_type="unauthorized_access" OR user="anonymous")
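As an added example (not part of this advisory or of Oracle's own tooling), the network indicator above can be checked against web-server access logs: the code below parses constructed combined-format log lines and flags successful, unauthenticated requests to the BI web path from sources outside a trusted network. The /analytics/ path prefix, the trusted CIDRs and the log lines are assumptions constructed for the example.

```python
import ipaddress
import re

# Constructed sample access-log lines (Apache combined format) from a BI web
# front end; IPs, users and paths are illustrative placeholders, not real data.
SAMPLE_LOG = """\
10.0.5.23 - jsmith [19/Jan/2021:10:01:02 +0000] "GET /analytics/saw.dll?Dashboard HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
203.0.113.77 - - [19/Jan/2021:10:01:09 +0000] "GET /analytics/saw.dll?Go&Path=/shared/Finance HTTP/1.1" 200 8840 "-" "curl/7.68.0"
203.0.113.77 - - [19/Jan/2021:10:01:10 +0000] "GET /analytics/saw.dll?Go&Path=/shared/HR HTTP/1.1" 200 9110 "-" "curl/7.68.0"
10.0.5.40 - - [19/Jan/2021:10:02:00 +0000] "GET /analytics/ HTTP/1.1" 302 0 "-" "Mozilla/5.0"
198.51.100.5 - - [19/Jan/2021:10:02:30 +0000] "GET /static/logo.png HTTP/1.1" 200 2048 "-" "Mozilla/5.0"
"""

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ (?P<user>\S+) \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) \S+'
)

def parse_line(line):
    """Parse one combined-format line; return None for unparsable input."""
    m = LOG_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["status"] = int(rec["status"])
    rec["user"] = None if rec["user"] == "-" else rec["user"]  # "-" = anonymous
    return rec

def is_trusted(ip, nets):
    """True if ip lies in a trusted network; an unparsable IP is untrusted."""
    try:
        addr = ipaddress.ip_address(ip)
    except ValueError:
        return False
    return any(addr in net for net in nets)

def find_suspicious(log_text, trusted_cidrs, path_prefix="/analytics/"):
    """Flag 2xx requests to the BI web path with no authenticated user from
    outside the trusted networks (the login page matches; exclude it per site)."""
    nets = [ipaddress.ip_network(c) for c in trusted_cidrs]
    hits = []
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None or not rec["path"].startswith(path_prefix):
            continue  # unparsable, or not a request to the BI web component
        if rec["user"] is not None or not 200 <= rec["status"] < 300:
            continue  # authenticated, or rejected/redirected (e.g. 302 to login)
        if not is_trusted(rec["ip"], nets):
            hits.append(rec)
    return hits
```

Run against the sample with `find_suspicious(SAMPLE_LOG, ["10.0.0.0/8"])`; only the two anonymous requests from 203.0.113.77 are returned, while the trusted-source redirect to login and the static asset are ignored.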
