CVEFinder.io

CVE-2024-21099

🔶 medium
Summary

Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Analytics (component: Data Visualization). The supported version that is affected is 7.0.0.0.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Business Intelligence Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Business Intelligence Enterprise Edition accessible dat

Description

Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Analytics (component: Data Visualization). The supported version that is affected is 7.0.0.0.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Business Intelligence Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Business Intelligence Enterprise Edition accessible data. CVSS 3.1 Base Score 4.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N).

CVSS Score
4.3
Medium
EPSS Score
0.3
Exploit Probability
Published Date
2024-04-16
First Seen: 2026-01-05
Last Modified 2025-05-08
Source NVD 🔗
CVSS Vector 3.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
CWE IDs (Weakness Types)
CWE-125

🔗 References 2

https://www.oracle.com/security-alerts/cpuapr2024.html
Vendor Advisory
https://www.oracle.com/security-alerts/cpuapr2024.html
Vendor Advisory

📦 Affected Products 1

Vendor Product Status Affected Versions
oracle business_intelligence Affected
v7.0.0.0.0

🔗 Related CVEs 6

CVE ID Severity CVSS EPSS Summary Published
CVE-2026-21976 ⚠️ high 7.1 0.0 Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Analytics (component: Oracle Anal... 2026-01-20
CVE-2025-53049 ⚠️ high 8.4 0.1 Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Analytics (component: Analytics W... 2025-10-21
CVE-2025-30759 🔶 medium 6.1 0.0 Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Analytics (component: Platform Se... 2025-07-15
CVE-2024-21139 🔶 medium 5.4 0.2 Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Analytics (component: Analytics W... 2024-07-16
CVE-2024-21001 🔶 medium 5.4 0.4 Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Analytics (component: BI Platform... 2024-04-16
CVE-2024-21064 🔶 medium 5.4 0.2 Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Analytics (component: Analytics W... 2024-04-16
These CVEs affect the same products