CVE-2024-21139

CVSS 3.1 Base Score: 5.4 (MEDIUM)

📋 TL;DR

This vulnerability in the Analytics Web Answers component of Oracle Business Intelligence Enterprise Edition (OBIEE) lets a low-privileged attacker with network access via HTTP compromise the product. A successful attack needs human interaction from a person other than the attacker, and although the flaw sits in OBIEE, the CVSS scope change means it may significantly impact additional products. The outcome is unauthorized update, insert or delete access to some OBIEE-accessible data plus unauthorized read access to a subset of that data; availability is not affected. Affected supported versions: 7.0.0.0.0, 7.6.0.0.0 and 12.2.1.4.0.

💻 Affected Systems

Products:
  • Oracle Business Intelligence Enterprise Edition
Versions: 7.0.0.0.0, 7.6.0.0.0, 12.2.1.4.0
Operating Systems: All supported platforms
Default Config Vulnerable: ⚠️ Yes
Notes: The attack vector is network/HTTP. The attacker needs a low-privileged BIEE account and HTTP reachability to the Analytics Web Answers component (the Answers UI served by Presentation Services under the /analytics web application), and must get another user to interact with content they control.

📦 What is this software?

Oracle Business Intelligence Enterprise Edition (OBIEE), part of the Oracle Analytics product family, is an enterprise reporting and analysis platform. Analytics Web Answers is its ad-hoc analysis component: users build queries (analyses) against the BI Server and save them to the presentation catalog, where other users open them directly or through dashboards. Because analyses and dashboards are shared between users, content authored by one low-privileged user is routinely rendered in the browsers of others, which is why user interaction (UI:R) is the realistic precondition here.

⚠️ Risk & Real-World Impact

🔴 Worst Case: An attacker gains unauthorized data modification and read access that, because of the scope change, reaches beyond OBIEE into additional connected products, compromising the integrity and confidentiality of business intelligence data.

🟠 Likely Case: A low-privileged user manipulates or views specific BI data they should not have access to, exposing sensitive business metrics or reports.

🟢 If Mitigated: Limited data exposure confined to the BI system, with no lateral movement to other systems.

🌐 Internet-Facing: MEDIUM
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: LOW

Requires authenticated low-privileged access (PR:L) and interaction by a victim user (UI:R); the attack vector is network over HTTP (AV:N) with low complexity (AC:L). The CVSS 3.1 vector consistent with the 5.4 score and the stated impacts is AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N (low confidentiality and integrity impact, no availability impact, scope changed).

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Apply patches from Oracle Critical Patch Update July 2024

Vendor Advisory: https://www.oracle.com/security-alerts/cpujul2024.html

Restart Required: Yes

Instructions:

1. Download the patch for your installed version (7.0.0.0.0, 7.6.0.0.0 or 12.2.1.4.0) from My Oracle Support; the July 2024 CPU advisory links to the patch availability information for each product.
2. Apply the patch with OPatch, following the Oracle BIEE / Oracle Analytics Server patching procedure in the patch README.
3. Restart the BI services.
4. Verify that the patch is recorded in the Oracle Home inventory (opatch lsinventory) before returning the system to service.

🔧 Temporary Workarounds

Restrict network access (all platforms)

  • Limit HTTP access to the BIEE Analytics Web Answers component to trusted networks only
  • Configure firewall rules to restrict access to BIEE ports

Reduce user privileges (all platforms)

  • Implement the least-privilege principle for BIEE user accounts
  • Review and minimize BIEE user permissions, in particular who may author and share analyses

🧯 If You Can't Patch

  • Implement network segmentation to isolate BIEE systems
  • Enable detailed logging and monitoring for suspicious BIEE activity

🔍 How to Verify

Check if Vulnerable:

Determine the installed Oracle BIEE / Oracle Analytics Server version and compare it with the affected list (7.0.0.0.0, 7.6.0.0.0, 12.2.1.4.0). Any of these versions without the July 2024 CPU patch applied is vulnerable.

Check Version:

Read the version from the administration console, or run opatch lsinventory from the Oracle Home ($ORACLE_HOME/OPatch/opatch lsinventory), which prints the Oracle Home details and every interim patch applied to it.

Verify Fix Applied:

Run opatch lsinventory after patching and confirm that the patch number(s) listed in the July 2024 CPU for your version appear in the "Interim patches" section; a version string alone does not prove the CPU patch is installed.
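The following script automates the "Verify Fix Applied" step above. It is an added example, not code from the original page or from Oracle. It assumes the standard text output of opatch lsinventory, in which each applied patch appears on a line of the form "Patch  <number>     : applied on <date>". The patch numbers you must look for come from the July 2024 CPU / My Oracle Support for your exact version; the patch numbers in the constructed sample inventory below are placeholders, not real Oracle patch IDs.

```python
"""Check an Oracle Home's OPatch inventory for required CPU patches.

Added example (not Oracle's tooling). Assumes `opatch lsinventory` text output
where applied patches are listed as "Patch  <number>     : applied on <date>".
"""
import re
import subprocess

# One line per applied interim patch in `opatch lsinventory` output.
PATCH_LINE_RE = re.compile(
    r"^Patch\s+(?P<id>\d+)\s*:\s*applied on\s+(?P<when>.+?)\s*$", re.MULTILINE
)


def run_lsinventory(oracle_home):
    """Run OPatch from the given Oracle Home and return its text output."""
    result = subprocess.run(
        [f"{oracle_home}/OPatch/opatch", "lsinventory"],
        check=True, capture_output=True, text=True,
    )
    return result.stdout


def applied_patches(inventory_text):
    """Map patch number -> 'applied on' timestamp for every interim patch listed."""
    return {m.group("id"): m.group("when") for m in PATCH_LINE_RE.finditer(inventory_text)}


def missing_patches(inventory_text, required):
    """Return the required patch numbers absent from the inventory (empty list = fixed)."""
    present = applied_patches(inventory_text)
    return sorted(p for p in required if p not in present)


# Constructed sample of `opatch lsinventory` output. Patch numbers are placeholders.
SAMPLE_INVENTORY = """\
Oracle Interim Patch Installer version 13.9.4.2.12
Copyright (c) 2024, Oracle Corporation.  All rights reserved.

Oracle Home       : /u01/app/oracle/product/bi
Central Inventory : /u01/app/oraInventory

Interim patches (2) :

Patch  11111111     : applied on Tue Jul 23 09:12:41 UTC 2024
Unique Patch ID:  22222222
   Created on 10 Jul 2024, 05:03:19 hrs PST8PDT
   Bugs fixed:
     33333333, 33333334

Patch  44444444     : applied on Mon Jan 22 14:05:09 UTC 2024
Unique Patch ID:  55555555
   Created on 5 Jan 2024, 11:40:02 hrs PST8PDT
   Bugs fixed:
     66666666

OPatch succeeded.
"""

if __name__ == "__main__":
    # Replace with the patch number(s) from the July 2024 CPU for your version,
    # and replace SAMPLE_INVENTORY with run_lsinventory("/u01/app/oracle/product/bi").
    required = ["11111111"]
    gaps = missing_patches(SAMPLE_INVENTORY, required)
    print("patched" if not gaps else f"missing patches: {gaps}")
```

Run it on each BI host (Oracle Home paths differ per install) and treat any non-empty result from missing_patches as "still vulnerable"; a matching version string without the CPU patch in the inventory is not evidence of a fix.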

📡 Detection & Monitoring

Log Indicators:

  • Unusual Analytics Web Answers access patterns
  • Multiple failed authentication attempts followed by successful access
  • Unexpected data modification requests

Network Indicators:

  • HTTP requests to Analytics Web Answers endpoints (paths under /analytics, in particular saw.dll) from sources outside the networks that normally use the BI front end
  • Pattern of requests suggesting data enumeration

SIEM Query:

source="BIEE" AND (event_type="data_modification" OR event_type="unauthorized_access")

The source and event_type fields in this query are placeholders: map them to the way your SIEM actually ingests the BI front-end (Oracle HTTP Server / WebLogic) access logs and the Presentation Services logs. Where no normalized event_type exists, filter on the request path containing /analytics/saw.dll and alert on the source and enumeration patterns listed above.
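The two network indicators above, requests from unusual sources and request patterns that look like data enumeration, can be checked directly against the front-end access logs. The script below is an added example, not code from the original page or from Oracle. It assumes the Oracle HTTP Server / WebLogic front end writes Apache "combined" format access logs and that Presentation Services is reached under /analytics (saw.dll). The log lines, the trusted networks (which mirror the "restrict network access" workaround) and the thresholds are constructed for the example.

```python
"""Flag suspicious access to OBIEE Analytics Web Answers endpoints in HTTP access logs.

Added example (not Oracle's tooling). Assumes Apache combined-format access logs
from the BI front end and that Presentation Services lives under /analytics.
"""
import re
import ipaddress
from collections import defaultdict
from datetime import datetime

# Apache combined format: ip ident user [time] "METHOD path HTTP/x" status bytes "referer" "ua"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ (?P<user>\S+) \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) \S+'
)

# Networks from which Answers/Dashboards use is expected (constructed for the example).
TRUSTED_NETWORKS = [
    ipaddress.ip_network("10.0.0.0/8"),
    ipaddress.ip_network("192.168.10.0/24"),
]

# Everything under /analytics is Presentation Services; saw.dll is its entry point.
ANALYTICS_PREFIX = "/analytics"


def parse_line(line):
    """Return a dict for one access-log line, or None if it does not match the format."""
    m = LOG_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["time"] = datetime.strptime(rec["time"], "%d/%b/%Y:%H:%M:%S %z")
    rec["status"] = int(rec["status"])
    return rec


def is_trusted(ip):
    """True if the source address falls inside one of the trusted networks."""
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in TRUSTED_NETWORKS)


def analyze(lines, distinct_path_threshold=5, window_seconds=60):
    """Return {ip: [reasons]} for sources whose /analytics traffic looks suspicious.

    Heuristics: (1) the source is outside the trusted networks; (2) one source
    requests at least distinct_path_threshold different analytics paths within
    any window_seconds span, the enumeration pattern the page's indicators describe.
    """
    per_ip = defaultdict(list)
    for line in lines:
        rec = parse_line(line)
        if rec and rec["path"].startswith(ANALYTICS_PREFIX):
            per_ip[rec["ip"]].append(rec)

    findings = {}
    for ip, recs in per_ip.items():
        reasons = []
        if not is_trusted(ip):
            reasons.append("untrusted source")
        recs.sort(key=lambda r: r["time"])
        start = 0  # sliding window over the time-ordered requests of this source
        for end in range(len(recs)):
            while (recs[end]["time"] - recs[start]["time"]).total_seconds() > window_seconds:
                start += 1
            distinct = {r["path"] for r in recs[start:end + 1]}
            if len(distinct) >= distinct_path_threshold:
                reasons.append(f"{len(distinct)} distinct analytics paths in {window_seconds}s")
                break
        if reasons:
            findings[ip] = reasons
    return findings


# Constructed sample: one trusted analyst, one untrusted host walking the catalog,
# and one unrelated static request that the filter must ignore.
SAMPLE_LOG = [
    '10.0.5.21 - jdoe [23/Jul/2024:09:00:01 +0000] "GET /analytics/saw.dll?Dashboard HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
    '10.0.5.21 - jdoe [23/Jul/2024:09:00:08 +0000] "GET /analytics/saw.dll?Go&Path=%2Fshared%2FFinance%2FRevenue HTTP/1.1" 200 8192 "-" "Mozilla/5.0"',
    '203.0.113.7 - analyst2 [23/Jul/2024:09:10:00 +0000] "GET /analytics/saw.dll?Answers HTTP/1.1" 200 4096 "-" "curl/8.4.0"',
    '203.0.113.7 - analyst2 [23/Jul/2024:09:10:02 +0000] "GET /analytics/saw.dll?Go&Path=%2Fshared%2FHR%2FHeadcount HTTP/1.1" 200 4096 "-" "curl/8.4.0"',
    '203.0.113.7 - analyst2 [23/Jul/2024:09:10:05 +0000] "GET /analytics/saw.dll?Go&Path=%2Fshared%2FHR%2FSalaries HTTP/1.1" 200 4096 "-" "curl/8.4.0"',
    '203.0.113.7 - analyst2 [23/Jul/2024:09:10:09 +0000] "GET /analytics/saw.dll?Go&Path=%2Fshared%2FFinance%2FForecast HTTP/1.1" 200 4096 "-" "curl/8.4.0"',
    '203.0.113.7 - analyst2 [23/Jul/2024:09:10:14 +0000] "GET /analytics/saw.dll?Go&Path=%2Fshared%2FSales%2FPipeline HTTP/1.1" 200 4096 "-" "curl/8.4.0"',
    '192.168.10.40 - svc [23/Jul/2024:09:15:00 +0000] "GET /static/logo.png HTTP/1.1" 200 1024 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for ip, reasons in analyze(SAMPLE_LOG).items():
        print(ip, "->", "; ".join(reasons))
```

Tune TRUSTED_NETWORKS and the threshold to your environment before deploying: the trusted address set should be the same one your firewall rules enforce for the workaround above, so that any hit on "untrusted source" also means the network restriction has a gap.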

🔗 References

  • Oracle Critical Patch Update Advisory, July 2024: https://www.oracle.com/security-alerts/cpujul2024.html
  • NVD entry: https://nvd.nist.gov/vuln/detail/CVE-2024-21139