ERPScan experts have discovered critical vulnerabilities in Oracle Business Intelligence applications.
The vulnerability allows a legitimate user of the business analytics system to escalate privileges to the administrative level, and also to gain access to the operating system and to all business-critical data.
“The patch for the vulnerability we found was released in April, but we decided to give users two more months to install this update before publishing exploit code.
This research was carried out by ERPScan as part of its business application security research and the development of the ERPScan Security Scanner, aimed at business application security audits, which is at present implemented for SAP system security assessment”, commented Alexander Polyakov, CTO at ERPScan.
Details about the vulnerabilities are available here: [ERPSCAN-11-021] Oracle BI — WB_OLAP_AW_REMOVE_SOLVE_ID – privilege escalation