The version of Oracle Business Intelligence Enterprise Edition (OAS) 6.4.0.0.0 installed on the remote host is affected by multiple vulnerabilities as referenced in the October 2023 CPU advisory, including the following:

  - Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Analytics   (component: Analytics Server (Apache Spark)). The supported version that is affected is 6.4.0.0.0. Easily   exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle   Business Intelligence Enterprise Edition. While the vulnerability is in Oracle Business Intelligence   Enterprise Edition, attacks may significantly impact additional products (scope change). Successful attacks   of this vulnerability can result in takeover of Oracle Business Intelligence Enterprise Edition.
  (CVE-2023-22946)

  - Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Analytics   (component: Analytics Server (Apache Hadoop)). The supported version that is affected is 6.4.0.0.0. Easily   exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle   Business Intelligence Enterprise Edition. Successful attacks of this vulnerability can result in takeover of   Oracle Business Intelligence Enterprise Edition. (CVE-2022-26612)

  - Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Analytics   (component: Content Storage Service (Apache Commons Configuration)). Supported versions that are affected   are 6.4.0.0.0 and 7.0.0.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network   access via HTTP to compromise Oracle Business Intelligence Enterprise Edition. Successful attacks of this   vulnerability can result in takeover of Oracle Business Intelligence Enterprise Edition. (CVE-2022-33980)   Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Detections

Analytics

Oracle Business Intelligence Enterprise Edition (OAS 6.4) (October 2023 CPU)

critical Nessus Plugin ID 183507

Version 1.1

Version 1.0

Version 1.1 Oct 23, 2023, 4:39 PM CVSS metrics ("CVSSv2 score" changed from 9.0 to 7.5. "CVSSv2 vector" changed from "CVSS2#AV:N/AC:L/Au:S/C:C/I:C/A:C" to "CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P") CVSS temporal metrics ("CVSSv2 temporal vector" set to "CVSS2#E:F/RL:OF/RC:C". "CVSSv3 temporal vector" set to "CVSS:3.0/E:F/RL:O/RC:C") CVSSv2 score source (changed from "CVE-2023-22946" to "CVE-2022-33980") CVSSv3 score source (set to "CVE-2023-22946") Exploit attributes ("Exploit available" set to "True". "Exploitability ease" set to "Exploits are available") Plugin Feed: 202310231639
Version 1.0 Oct 20, 2023, 5:46 PM New Plugin Feed: 202310201746