Description
XMLPService service of Oracle Business Intelligence has the authentication bypass vulnerability. Therefore, an attacker can interact with the server as an administrator and install additional plugins, which may lead to takeover of the server.
Remediation
Upgrade to the latest version of Oracle Business Intelligence. This issue was fixed in Oracle Critical Patch Update - July 2019
References
Related Vulnerabilities
Jenkins Permissions, Privileges, and Access Controls Vulnerability (CVE-2015-1814)
Moodle Improper Input Validation Vulnerability (CVE-2012-6087)
OpenSSL Cryptographic Issues Vulnerability (CVE-2014-3572)
Oracle JRE Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2024-21140)