Oracle issued their quarterly Critical Patch Update yesterday, and with it notice of several security issues of note:
- The most serious for OBIEE (CVE-2013-2186) rates 7.5 (out of 10) on the CVSS scale, affecting the OBIEE Security Platform on both 184.108.40.206 and 220.127.116.11. The access vector is by the network, there's no authentication required, and it can partially affect confidentiality, integrity, and availability.
- The patch for users of OBIEE 18.104.22.168 is to install the latest patchset, 22.214.171.124.150714 (3GB, released - by no coincidence I'm sure - just yesterday too).
- For OBIEE 126.96.36.199 there is a small patch (64Kb), number 21235195.
- There's also an issue affecting BI Mobile on the iPad prior to 188.8.131.52, the impact being partial impact on integrity.
- For users of ODI DQ 184.108.40.206 there's a whole slew of issues, fixed in CPU patch 21418574.
- Exalytics users who are on ILOM versions earlier that 3.2.6 are also affected by two issues (one of which is 10/10 on the CVSS scale)
The CPU document also notes that it is the final patch date for 10.1.3.4.2. If you are still on 10g, now really is the time to upgrade!