CVE-2022-21609 Vulnerability in Oracle Business Intelligence Enterprise Edition 5.9.0.0 product. Affected version is 5.9.0.0.
VU#203418 The issue can be exploited by tricking user into opening a malicious file, by sending malicious link via email, or by injecting malicious code through insecure vulnerable software. Mitigation: Install Oracle Enterprise Edition 5.9.0.0 or later.
Patch all vulnerable components.
Set sound security policies such as blocking external access, set monitor settings on the firewall to alert when the number of external connections is too high.
Run a virus scan on vulnerable systems, block all incoming connections.
Run a vulnerability scan on all installed software. CVE number: CVE-2018-3765. Risk: An attacker with low user rights can execute remote code on the affected system. Solution: Apply patches provided by the vendor.
Disable remote access if possible.
Keep software up to date.
Keep systems protected with strong passwords.
If possible, run on a virtualized system.
For Windows systems, run anti-malware software, set up anti-malware and anti-exploit/anti-ransomware protection.
For Linux systems, set up an intrusion prevention system.
If possible, run on a virtualized system.
For Windows systems, run anti-malware software, set up anti-malware and anti-exploit/anti-ransomware protection.
For Linux systems, set up an intrusion prevention system. CVE number: CVE-2018-
Oracle Outside In CVE-2022-21609
Oracle Outside In is a software development kit (SDK) that enables developers to integrate Oracle’s software into their own applications. The issue can be exploited by tricking user into opening a malicious file, by sending malicious link via email, or by injecting malicious code through insecure vulnerable software. Mitigation: Install Oracle Enterprise Edition 5.9.0.0 or later.
Patch all vulnerable components.
Set sound security policies such as blocking external access, set monitor settings on the firewall to alert when the number of external connections is too high.
Run a virus scan on vulnerable systems, block all incoming connections.
Run a vulnerability scan on all installed software. CVE number: CVE-2018-3765 Risk: An attacker with low user rights can execute remote code on the affected system Solution: Apply patches provided by the vendor Disable remote access if possible Keep software up to date Keep systems protected with strong passwords If possible, run on a virtualized system For Windows systems, run anti-malware software, set up anti-malware and anti-exploit/anti-ransomware protection For Linux systems, set up an intrusion prevention system If possible, run on a virtualized system For Windows systems, run anti-malware software, set up anti-malware and anti-exploit/anti-ransomware protection For Linux systems, set up an intrusion prevention system
Timeline
Published on: 10/18/2022 21:15:00 UTC
Last modified on: 10/18/2022 21:18:00 UTC