Security patches released for OBIEE 11.1.1.7/11.1.1.9, and ODI DQ 11.1.1.3
Oracle issued their quarterly Critical Patch Update yesterday, and with it notice of several security issues of note:
- The most serious for OBIEE (CVE-2013-2186) rates 7.5 (out of 10) on the CVSS scale, affecting the OBIEE Security Platform on both 11.1.1.7 and 11.1.1.9. The access vector is by the network, there's no authentication required, and it can partially affect confidentiality, integrity, and availability.
- The patch for users of OBIEE 11.1.1.7 is to install the latest patchset, 11.1.1.7.150714 (3GB, released - by no coincidence I'm sure - just yesterday too).
- For OBIEE 11.1.1.9 there is a small patch (64Kb), number 21235195.
- There's also an issue affecting BI Mobile on the iPad prior to 11.1.1.7, the impact being partial impact on integrity.
- For users of ODI DQ 11.1.1.3 there's a whole slew of issues, fixed in CPU patch 21418574.
- Exalytics users who are on ILOM versions earlier that 3.2.6 are also affected by two issues (one of which is 10/10 on the CVSS scale)
The CPU document also notes that it is the final patch date for 10.1.3.4.2. If you are still on 10g, now really is the time to upgrade!
Full details of the issues can be found in Critical Patch Update document, and information about patches on My Oracle Support, DocID 2005667.1.