Access Vulnerability in Oracle Hyperion Data Relationship Management Component
CVE-2018-2610

5.3MEDIUM

Key Information:

Vendor
Oracle
Status
Hyperion Data Relationship Management
Vendor
CVE Published:
18 January 2018

Summary

An access vulnerability exists in the Hyperion Data Relationship Management component of Oracle Hyperion, particularly in the security mechanisms that enforce data access controls. This flaw permits an unauthenticated attacker with network accessibility via HTTP to exploit the weakness, potentially leading to unauthorized read access to sensitive data within the system. The vulnerability primarily affects users of Oracle Hyperion Data Relationship Management version 11.1.2.4.330, highlighting the need for organizations to implement robust security measures to mitigate risks associated with unauthorized access.

Affected Version(s)

Hyperion Data Relationship Management 11.1.2.4.330

References

http://www.securityfocus.com/bid/102637
vdb-entryx_refsource_BID
http://www.oracle.com/technetwork/security-advisory/cpuja...
x_refsource_CONFIRM
http://www.securitytracker.com/id/1040206
vdb-entryx_refsource_SECTRACK

CVSS V3.1

Score:
5.3
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
None
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.