SQL Injection Vulnerability in Oracle Hyperion Financial Reporting
CVE-2017-10358

6.4MEDIUM

Key Information:

Vendor
Oracle
Status
Hyperion Financial Reporting
Vendor
CVE Published:
19 October 2017

Summary

A vulnerability exists in the Oracle Hyperion Financial Reporting component that allows low privileged attackers with network access via HTTP to exploit the system. This can lead to unauthorized access, permitting both data modification and extraction. Such attacks can compromise not only the Financial Reporting aspect but also potentially affect other related products. Attackers can execute unauthorized actions such as inserting, updating, or deleting accessible data, along with gaining read access to certain data within Oracle Hyperion Financial Reporting.

Affected Version(s)

Hyperion Financial Reporting 11.1.2

References

http://www.securitytracker.com/id/1039595
vdb-entryx_refsource_SECTRACK
http://www.oracle.com/technetwork/security-advisory/cpuoc...
x_refsource_CONFIRM
http://www.securityfocus.com/bid/101306
vdb-entryx_refsource_BID

CVSS V3.1

Score:
6.4
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.