CVE-2023-21952: 
Oracle Business Intelligence Enterprise Edition (OBIEE) vulnerability analysis and mitigation

A vulnerability in Oracle Business Intelligence Enterprise Edition (component: Analytics Server) version 6.4.0.0.0 was identified. This easily exploitable vulnerability allows low privileged attackers with network access via HTTP to compromise Oracle Business Intelligence Enterprise Edition. The vulnerability requires human interaction from someone other than the attacker (Oracle Advisory).

The vulnerability has been assigned a CVSS 3.1 Base Score of 5.7 (Confidentiality impacts) with the following vector string: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N. This indicates the vulnerability requires network access, low attack complexity, low privileges, and user interaction to exploit, with potential high impact on confidentiality but no impact on integrity or availability (Oracle Advisory).

Successful exploitation of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Business Intelligence Enterprise Edition accessible data (Oracle Advisory).

Oracle has released patches to address this vulnerability as part of their April 2023 Critical Patch Update. It is strongly recommended that customers apply the security patches as soon as possible (Oracle Advisory).

The vulnerability was discovered and reported by AnhNH, ChauUHM, and TungHT of Sacombank (Oracle Advisory).