Oracle Business Intelligence Enterprise Edition versions 126.96.36.199.0, 188.8.131.52.0, and 184.108.40.206.0 suffer from local file inclusion and directory traversal vulnerabilities.
# Exploit Title: Oracle Business Intelligence Enterprise Edition 220.127.116.11.0 / 18.104.22.168.0 / 22.214.171.124.0 - 'getPreviewImage' Directory Traversal/Local File Inclusion
# Date: 2020-10-27
# Exploit Author: Ivo Palazzolo (@palaziv)
# Reference: https://www.oracle.com/security-alerts/cpuoct2020.html
# Vendor Homepage: https://www.oracle.com
# Software Link: https://www.oracle.com/middleware/technologies/bi-enterprise-edition-downloads.html
# Version: 126.96.36.199.0, 188.8.131.52.0, 184.108.40.206.0
# Tested on: SUSE Linux Enterprise Server
# CVE: CVE-2020-14864
A Directory Traversal vulnerability has been discovered in the 'getPreviewImage' function of Oracle Business Intelligence Enterprise Edition. The 'getPreviewImage' function is used to get a preview image of a previously uploaded theme logo. By manipulating the 'previewFilePath' URL parameter, an attacker with access to the administration interface is able to read arbitrary system files.
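The root cause described above is a user-controlled file name ('previewFilePath') being joined onto a server-side directory without a containment check. The following is an added illustration written for this page, not code from the advisory or from Oracle, and in Python rather than the product's own code: it contrasts the unsafe join with a canonicalise-then-contain check, and adds a small scanner that flags traversal attempts against that parameter in web-server access logs. The base directory, the request path '/bi/getPreviewImage', and the log lines are all constructed assumptions for the example.

```python
"""
Added defender-side example (not the advisory's or Oracle's code): path
containment for a user-supplied preview file name, plus detection of
traversal attempts against the same parameter in access logs.
"""
import os
from typing import List, Optional, Tuple
from urllib.parse import parse_qs, unquote, urlsplit

# Assumed location of uploaded theme preview images (hypothetical path).
THEME_DIR = "/opt/obiee/themes/previews"


def resolve_preview_unsafe(base_dir: str, preview_file_path: str) -> str:
    """The vulnerable pattern: user input joined onto the base directory and
    normalised, with no check that the result stays inside base_dir. Shown
    only for contrast with resolve_preview_safe()."""
    return os.path.normpath(os.path.join(base_dir, preview_file_path))


def resolve_preview_safe(base_dir: str, preview_file_path: str) -> Optional[str]:
    """Return the absolute path of the requested preview image only if it
    resolves to a file strictly inside base_dir; otherwise return None.

    Decode twice so that a doubly encoded '%252e%252e' (which a web layer
    that decodes once would leave as '%2e%2e') is seen as '..'. Then reject
    NUL bytes and absolute paths, resolve symlinks and '..' with realpath,
    and compare with commonpath so that a sibling such as
    '/opt/obiee/themes/previews2' is not mistaken for the base."""
    decoded = unquote(unquote(preview_file_path)).replace("\\", "/")
    if "\x00" in decoded or decoded.startswith("/"):
        return None
    if len(decoded) > 1 and decoded[1] == ":":  # Windows drive letter
        return None
    base = os.path.realpath(base_dir)
    candidate = os.path.realpath(os.path.join(base, decoded))
    if candidate == base or os.path.commonpath([base, candidate]) != base:
        return None
    return candidate


def flag_traversal_requests(log_lines: List[str],
                            param: str = "previewFilePath") -> List[Tuple[int, str]]:
    """Return (line_number, decoded_value) for each Common Log Format line
    whose query string carries `param` with a parent-directory reference or
    an absolute path. parse_qs() decodes one layer of percent-encoding;
    the extra unquote() catches a second layer."""
    hits = []
    for n, line in enumerate(log_lines, 1):
        try:
            request = line.split('"')[1]      # e.g. 'GET /x?y=z HTTP/1.1'
            target = request.split()[1]
        except IndexError:
            continue                           # malformed line, skip it
        for raw in parse_qs(urlsplit(target).query).get(param, []):
            value = unquote(raw).replace("\\", "/")
            if ".." in value.split("/") or value.startswith("/"):
                hits.append((n, value))
    return hits


# Constructed sample log lines; the endpoint path is an assumption.
SAMPLE_LOG = [
    '10.0.0.5 - admin [27/Oct/2020:10:01:02 +0000] '
    '"GET /bi/getPreviewImage?previewFilePath=logo.png HTTP/1.1" 200 4096',
    '10.0.0.9 - admin [27/Oct/2020:10:02:40 +0000] '
    '"GET /bi/getPreviewImage?previewFilePath=..%2F..%2F..%2F..%2Fetc%2Fpasswd HTTP/1.1" 200 2103',
    '10.0.0.9 - admin [27/Oct/2020:10:03:11 +0000] '
    '"GET /bi/getPreviewImage?previewFilePath=%252e%252e%252f%252e%252e%252fetc%252fhosts HTTP/1.1" 403 0',
]

if __name__ == "__main__":
    print("unsafe :", resolve_preview_unsafe(THEME_DIR, "../../../../etc/passwd"))
    print("safe   :", resolve_preview_safe(THEME_DIR, "../../../../etc/passwd"))
    print("safe   :", resolve_preview_safe(THEME_DIR, "logo.png"))
    for line_no, value in flag_traversal_requests(SAMPLE_LOG):
        print(f"line {line_no}: traversal attempt, decoded value {value!r}")
```

The containment check deliberately compares canonicalised paths rather than searching the input for `..`, because encoded, doubled, or backslash variants all collapse to the same thing once resolved; the log scanner, which has no filesystem to resolve against, falls back to decoding and looking for a `..` segment or a leading slash. The 403 on the third sample line shows why a scan should not be limited to successful responses: blocked attempts are still worth an alert.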