Oracle issued their quarterly Critical Patch Update yesterday, and with it came notice of several security issues of note:

- The most serious for OBIEE (CVE-2013-2186) rates 7.5 (out of 10) on the CVSS scale, affecting the OBIEE Security Platform on both 126.96.36.199 and 188.8.131.52. The access vector is the network, no authentication is required, and it can partially affect confidentiality, integrity, and availability.
- The patch for users of OBIEE 184.108.40.206 is to install the latest patchset, 220.127.116.11.150714 (3GB, released - by no coincidence I'm sure - just yesterday too).
- For OBIEE 18.104.22.168 there is a small patch (64Kb), number 21235195.
- There's also an issue affecting BI Mobile on the iPad prior to 22.214.171.124, with a partial impact on integrity.
- For users of ODI DQ 126.96.36.199 there's a whole slew of issues, fixed in CPU patch 21418574.
- Exalytics users who are on ILOM versions earlier than 3.2.6 are also affected by two issues (one of which is 10/10 on the CVSS scale).

The CPU document also notes that it is the final patch date for 10.1.3.4.2. If you are still on 10g, now really is the time to upgrade!