3 Replies Latest reply on Feb 8, 2017 8:49 AM by Christian Berg

    How to fix OBIEE Security vulnerability

    1022889

      According to the results of internal vulnerability scanning, OBIEE have security vulnerabilities, what we need to install the patch? 

      SeverityPortSynopsisDescriptionSolutionRisk Factor
      Critical7001The remote Oracle WebLogic server is affected by a remote code execution
        vulnerability.
      The  remote Oracle WebLogic server is affected by a remote code execution  vulnerability in the WLS Security component due to unsafe deserialize calls  of unauthenticated Java objects to the Apache Commons Collections (ACC)
        library. An unauthenticated, remote attacker can exploit this to execute
        arbitrary code on the target host.
      Follow the advice in Oracle's advisory to patch the server.Critical
      Critical7001An application server running on the remote host is affected by a remote code
        execution vulnerability.
      The remote Oracle WebLogic Server is affected by a remote code execution  vulnerability in the Java Messaging Service subcomponent in the  readExternal() function due to improper sanitization of user-supplied input.  An unauthenticated, remote attacker can exploit this, via a crafted object  payload, to bypass the lassFilter.class blacklist and execute arbitrary Java  code.Apply the appropriate patch according to the April 2016 Oracle Critical Patch Update advisory.Critical

       

      OBIEE version is 11.1.1.6.0(weblogic 10.3.5).

       

      Please advise.

       

      Thanks