CVE-2022-21614 Oracle Enterprise Data Quality is vulnerable to a dashboard vulnerability. Affected versions are 12.2.1.3.0 and 12.2.1.4.0.

When exporting data from Oracle Enterprise Data Quality, the following error message might appear if the Security setting of the target environment is enabled.

CVE-2018-2736: A vulnerability was discovered in Oracle Enterprise Data Quality where the application does not perform a proper validation of the XLSX file format before attempting to import it. This could lead to data extraction leading to unauthorized access. CVSS 3.1 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N). When exporting data from Oracle Enterprise Data Quality, the following error message might appear if the Security setting of the target environment is enabled. CVE-2018-2736: A vulnerability was discovered in Oracle Enterprise Data Quality where the application does not perform a proper validation of the XLSX file format before attempting to import it. This could lead to data extraction leading to unauthorized access. CVSS 3.1 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N). On the 12.2.1.3.0 and 12.2.1.4.0 versions, the following SQL injection vulnerability

SQL Injection

CVE-2018-2736: A vulnerability was discovered in Oracle Enterprise Data Quality where the application does not perform a proper validation of the XLSX file format before attempting to import it. This could lead to data extraction leading to unauthorized access. CVSS 3.1 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N). On the 12.2.1.3.0 and 12.2.1.4.0 versions, the following SQL injection vulnerability
When exporting data from Oracle Enterprise Data Quality, the following error message might appear if the Security setting of the target environment is enabled

SQL Injection vulnerability vulnerability

When exporting data from Oracle Enterprise Data Quality, the following SQL injection vulnerability could exist in the application.
CVE-2018-2736: A vulnerability was discovered in Oracle Enterprise Data Quality where the application does not perform a proper validation of the XLSX file format before attempting to import it. This could lead to data extraction leading to unauthorized access. CVSS 3.1 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N). When exporting data from Oracle Enterprise Data Quality, the following SQL injection vulnerability could exist in the application.

SQL Injection Vulnerability

CVE-2018-2736 is a vulnerability in Oracle Enterprise Data Quality where the application does not perform a proper validation of the XLSX file format before attempting to import it. This could lead to data extraction leading to unauthorized access. CVSS 3.1 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N).
This security issue is only available on the 12.2.1.3.0 and 12.2.1.4.0 versions, and it will be fixed in 12-Factor releases as well as the next patch release that is planned for early October 2018 (12-FBR3).

Overview

CVE-2018-2736: A vulnerability was discovered in Oracle Enterprise Data Quality where the application does not perform a proper validation of the XLSX file format before attempting to import it. This could lead to data extraction leading to unauthorized access. CVSS 3.1 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N).

Timeline

Published on: 10/18/2022 21:15:00 UTC
Last modified on: 10/18/2022 21:18:00 UTC

References