Description

It's possible to access the Oracle Business Intelligence by using the default credentials. Therefore, an attacker can interact with the server as an administrator which leads to takeover of the server.

Remediation

Change the default administrative usernames and passwords of Oracle Business Intelligence

References

Understanding the Default Security Configuration - Oracle

Related Vulnerabilities

Mojolicious weak secret key

RethinkDB administrative interface publicly exposed

phpLiteAdmin default password

SonarQube default credentials

PrimeFaces 5.x Expression Language injection

Severity

High

Classification

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Tags

Default Credentials