Security Weakness in Business Intelligence Reports (Release 11i3)
Creation Date: 04-DEC-2002
Last Revision Date: 04-DEC-2002
Versions Affected
All Oracle Reports under the Oracle Business Intelligence System products Release 11i3
Platforms Affected
All Platforms
Description
A potential security vulnerability has been discovered in the Oracle Business Intelligence System Reports using Oracle Reports.
Oracle Business Intelligence System Reports, using Oracle Reports, contain a vulnerability that allows a knowledgeable and malicious user to bypass the user authentication check and gain unauthorized access to Oracle Reports.
Workaround
Oracle has fixed the potential security vulnerability identified above, under Mandatory Applications Security Patch for bug number 2590251. A patch for each Oracle Business Intelligence product can be downloaded individually (please see patch matrix below). A consolidated patch will also be available for download in the near future. This MetaLink Note will be updated with the consolidated patch number once available.
Patches
Patch Matrix Availability
| Product | Patch Number |
| --- | --- |
| BIM : Marketing Intelligence | 2601916 |
| ABM : Activity Based Management | 2601866 |
| BIX : Call Center Intelligence | 2601931 |
| HRI : HR Intelligence | 2601959 |
| CST : Oracle Cost Management | 2601947 |
| INV : Oracle Inventory | 2601973 |
| WIP : Work in Progress | 2601994 |
| QLT : Oracle Quality | 2602314 |
| MRP : Material Resource Planning | 2602285 |
| POA : Purchasing Intelligence | 2593086 |
| PMI : Process Manufacturing Int | 2601988 |
| BIL : Sales Intelligence | 2601902 |
| FII : Financials Intelligence | 2600394 |
| BIC : Customer Intelligence | Please contact Oracle Support |
If you are running Oracle Reports from any of these Intelligence products of the Oracle Business Intelligence System, Oracle strongly recommends that you apply the corresponding patch from the matrix above. Doing so will avoid this potential security vulnerability in the future.
Download currently available patches from the Oracle Worldwide Support Services web site, MetaLink (http://metalink.oracle.com).
Activate the Patches button to get to the patches web page. Enter the patch number for the Intelligence Product you need as indicated in the table above, select a platform and activate the 'Submit' button.
Oracle strongly recommends that you back up and comprehensively test the stability of your system upon application of any patch prior to deleting any of the original file(s) that are replaced by the patch.