Description

Oracle Business Intelligence is vulnerable to deserialization attacks. An attacker could exploit this vulnerability using specially-crafted serialized data to execute arbitrary code on the system or to perform denial of service attack.

Remediation

Upgrade to the latest version of Oracle Business Intelligence

References

Oracle Critical Patch Update Advisory - April 2020

Java Unmarshaller Security - Turning your data into code execution

Related Vulnerabilities

WordPress Plugin Ajax Search Lite Remote Command Execution (3.1)

PHP code injection (pmwiki)

WordPress Plugin WordPress Mega Menu-QuadMenu Remote Code Execution (2.0.6)

WordPress Plugin Newsletter Subscription Form Possible Remote Code Execution (1.1.2)

ColdFusion CFC Deserialization RCE (CVE-2023-26359/CVE-2023-26360)

Severity

High

Classification

CVE-2020-2950 CWE-502 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Tags

Code Execution Insecure Deserialization Denial Of Service Acumonitor