Oracle Business Intelligence Enterprise Edition Web Administration Vulnerability Allowing Takeover

Vulnerability

A vulnerability has been identified in the Oracle Business Intelligence Enterprise Edition (OBIEE) product of Oracle Analytics, specifically within the Analytics Web Administration component. This vulnerability affects versions 7.6.0.0.0 and 8.2.0.0.0. It is easily exploitable and allows a high-privileged attacker with network access via HTTP to compromise OBIEE. Successful exploitation requires human interaction from a person other than the attacker. While the vulnerability resides in OBIEE, successful attacks could significantly impact additional products, leading to a scope change. Exploitation of this vulnerability can result in a complete takeover of the Oracle Business Intelligence Enterprise Edition.

Impact

Exploitation of this vulnerability can lead to a complete takeover of the Oracle Business Intelligence Enterprise Edition.

Added: Oct 21, 2025, 9:55 PM

Updated: Oct 21, 2025, 9:55 PM

Vulnerability Rating

Custom Algorithm

spread

5.0

impact

7.5

exploitability

4.5

remediation

0.0

relevance

0.8

threat

0.0

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

5.0

impact

7.5

exploitability

4.5

remediation

0.0

relevance

0.8

threat

0.0

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Oracle Business Intelligence Enterprise Edition Web Administration Vulnerability Allowing Takeover

Vulnerability

Impact

Affected Products

Oracle Business Intelligence Enterprise Edition

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating