Oracle Business Intelligence - Remote Code Execution (CVE-2020-2950)

Oracle Analytics Web General product of Oracle Business Intelligence is affected by a Remote Code Execution vulnerability. The root cause of this vulnerability is a lack of proper validation of user-supplied data in BIRemotingServlet which can result in deserialization of untrusted data. An unauthenticated attacker can craft a special HTTP POST request and send it to the server, resulting in a Remote Code Execution vulnerability.

Oracle Analytics Web通用版Oracle商业智能产品受到远程代码执行漏洞的影响。该漏洞的根本原因在于BIRemotingServlet中用户提供数据的验证不充分，可能导致不受信任数据的反序列化。未经身份验证的攻击者可以构造特殊的HTTP POST请求并发送到服务器，从而引发远程代码执行漏洞。