Description
Oracle Business Intelligence is vulnerable to deserialization attacks. An attacker could exploit this vulnerability by supplying specially crafted serialized data to execute arbitrary code on the system or to cause a denial of service.
Remediation
Upgrade to the latest version of Oracle Business Intelligence.
References
Oracle Critical Patch Update Advisory - April 2020
Java Unmarshaller Security - Turning your data into code execution