La Sostenibilità per TIM

Il Report 2024 accoglie i principi della Corporate Sustainability Reporting Directive (CSRD) ed è incluso nella Relazione Finanziaria e di Sostenibilità. Approfondisci

Ultimi Comunicati Stampa

Redazione ufficio stampa

Leggi gli ultimi comunicati stampa e naviga nell'archivio dell'Ufficio Stampa del Gruppo TIM. Leggi i comunicati

CVE-2021-2005

CVE-2021-2005 – ORACLE Business Intelligence Enterprise Edition of Oracle Fusion Middleware

Vulnerability Description: URL Redirection to Untrusted Site ('Open Redirect')
Software Version: Oracle Business Intelligence Enterprise Edition of Oracle Fusion Middleware. The affected versions are 5.5.0.0.0, 11.1.1.9.0, 12.2.1.3.0 and 12.2.1.4.0.
NISThttps://nvd.nist.gov/vuln/detail/CVE-2021-2005
Oracle Credits CPU 2021: https://www.oracle.com/security-alerts/cpujan2021.html
CVSv3: 4.7
Severity: Medium
Credits
: Alessandro Bosco, Luca Di Giuseppe, Francesco Russo, Edoardo Predieri, Fabio Minarelli, Massimiliano Brolli

Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Fusion Middleware (component: Analytics Actions) allows unauthenticated attacker to construct a URL within the application that causes a redirection to an arbitrary external domain. This behavior can be leveraged to facilitate phishing attacks against users of the application.