CVE-2020-14864 - Oracle Business Intelligence Enterprise Edition Path Transversal
Project:Oracle
Product:Intelligence Enterprise Edition
Date Added:2022-01-18Due Date:2022-07-18
Vulnerability Name
Oracle Business Intelligence Enterprise Edition Path Transversal
Description
Path traversal vulnerability, where an attacker can target the preview FilePath parameter of the getPreviewImage function to get access to arbitrary system file.
Known To Be Used in Ransomware Campaigns?
Unknown
Action
Apply updates per vendor instructions.
Additional Notes
https://nvd.nist.gov/vuln/detail/CVE-2020-14864