Security Weakness in Business Intelligence Reports (Release 11i3)
Creation Date: 04-DEC-2002
Last Revision Date: 04-DEC-2002
All Oracle Reports under the Oracle Business Intelligence System products Release 11i3
A potential security vulnerability has been discovered in the Oracle Business Intelligence System Reports using Oracle Reports.
Oracle Business Intelligence System Reports, using Oracle Reports, contain a vulnerability that allows a knowledgeable and malicious user to bypass the user authentication check and gain unauthorized access to Oracle Reports without proper authentication.
Oracle has fixed the potential security vulnerability identified above, under Mandatory Applications Security Patch for bug number 2590251. A patch for each Oracle Business Intelligence product can be downloaded individually (please see patch matrix below). A consolidated patch will also be available for download in the near future. This MetaLink Note will be updated with the consolidated patch number once available.
Patch Matrix Availability
|BIM : Marketing Intelligence||2601916|
|ABM : Activity Based Management||2601866|
|BIX : Call Center Intelligence||2601931|
|HRI : HR Intelligence||2601959|
|CST : Oracle Cost Management||2601947|
|INV : Oracle Inventory||2601973|
|WIP : Work in Progress||2601994|
|QLT : Oracle Quality||2602314|
|MRP : Material Resource Planning||2602285|
|POA : Purchasing Intelligence||2593086|
|PMI : Process Manufacturing Int||2601988|
|BIL : Sales Intelligence||2601902|
|FII : Financials Intelligence||2600394|
|BIC : Customer Intelligence||Please contact Oracle Support|
If you are running Oracle Reports from any of these Intelligence products of the Oracle Business Intelligence System, Oracle strongly recommends that you apply the corresponding patch from the matrix above. Doing so will avoid this potential security vulnerability in the future.
Download currently available patches from Oracle Worldwide Support Services web site, MetaLink, ( http://metalink.oracle.com). Activate the Patches button to get to the patches web page. Enter patch number for the Intelligence Product you need as indicated in the table above, select a platform and activate the 'Submit' button.
Oracle strongly recommends that you backup and comprehensively test the stability of your system upon application of any patch prior to deleting any of the original file(s) that are replaced by the patch.