How to fix OBIEE Security vulnerability

According to the results of internal vulnerability scanning, OBIEE has security vulnerabilities. Which patch do we need to install?
| Severity | Port | Synopsis | Description | Solution | Risk Factor |
|---|---|---|---|---|---|
| Critical | 7001 | The remote Oracle WebLogic server is affected by a remote code execution vulnerability. | The remote Oracle WebLogic server is affected by a remote code execution vulnerability in the WLS Security component due to unsafe deserialize calls of unauthenticated Java objects to the Apache Commons Collections (ACC) library. An unauthenticated, remote attacker can exploit this to execute arbitrary code on the target host. | Follow the advice in Oracle's advisory to patch the server. | Critical |
| Critical | 7001 | An application server running on the remote host is affected by a remote code execution vulnerability. | The remote Oracle WebLogic Server is affected by a remote code execution vulnerability in the Java Messaging Service subcomponent in the readExternal() function due to improper sanitization of user-supplied input. An unauthenticated, remote attacker can exploit this, via a crafted object payload, to bypass the ClassFilter.class blacklist and execute arbitrary Java code. | Apply the appropriate patch according to the April 2016 Oracle Critical Patch Update advisory. | Critical |
OBIEE version is 11.1.1.6.0(weblogic 10.3.5).
Please advise.
Thanks
Answers
-
1022889 wrote: OBIEE version is 11.1.1.6.0(weblogic 10.3.5).
An unpatched .6.0 installation which was released in February 2012... yeah, you're quite outdated there, as that version isn't even in error correction support anymore: https://support.oracle.com/epmos/faces/DocumentDisplay?parent=DOCUMENT&sourceId=1488475.1&id=1664916.1
The very last Bundle patch for 11.1.1.6 was 11.1.1.6.12 from 30th August 2013.
11.1.1.7 (the follow-up version to yours) already had 14 bundle patches and stands at 11.1.1.7.161018.
11.1.1.9 (the of .7) had 7 bundle patches and stands at 11.1.1.9.170117.
Full list here: https://support.oracle.com/epmos/faces/DocumentDisplay?id=1488475.1&displayIndex=1#aref_section21
Same for 12c here: https://support.oracle.com/epmos/faces/DocumentDisplay?id=2070465.1&displayIndex=2#aref_section33
Again you're totally outdated - minimum is patching 11.1.1.6 but you will still be out of support so UPGRADE as soon as possible!
0 -
Thanks.
0 -
If this answers your question, please close the thread to the benefit of other users.
Currently your question is still marked as "Not Answered" which isn't optimal for people using the forum search functionalities and browsing threads.
0