Oracle issued their quarterly Critical Patch Update yesterday, and with it came notice of several security issues worth noting:
- The most serious for OBIEE (CVE-2013-2186) rates 7.5 (out of 10) on the CVSS scale, affecting the OBIEE Security Platform on both 220.127.116.11 and 18.104.22.168. The access vector is the network, no authentication is required, and it can partially affect confidentiality, integrity, and availability.
- The patch for users of OBIEE 22.214.171.124 is to install the latest patchset, 126.96.36.199.150714 (3GB, released - by no coincidence I'm sure - just yesterday too).
- For OBIEE 188.8.131.52 there is a small patch (64Kb), number 21235195.
- There's also an issue affecting BI Mobile on the iPad prior to 184.108.40.206, with a partial impact on integrity.
- For users of ODI DQ 220.127.116.11 there's a whole slew of issues, fixed in CPU patch 21418574.
- Exalytics users who are on ILOM versions earlier than 3.2.6 are also affected by two issues (one of which is 10/10 on the CVSS scale).
The CPU document also notes that it is the final patch date for 10.1.3.4.2. If you are still on 10g, now really is the time to upgrade!