Vulnerability in Oracle Hyperion Planning Affects Security Components
CVE-2018-2733

7.6HIGH

Key Information:

Vendor
Oracle
Status
Hyperion Planning
Vendor
CVE Published:
18 January 2018

Summary

A vulnerability exists in the Oracle Hyperion Planning component that allows attackers with high privileges and network access via HTTP to exploit the system. This vulnerability necessitates human interaction from an individual other than the attacker, making it challenging yet potentially impactful. Successful exploitation can lead to a full takeover of Oracle Hyperion Planning, posing threats not only to this product but also potentially affecting other associated products. Users are urged to ensure that their systems are updated and monitored to mitigate any risks.

Affected Version(s)

Hyperion Planning 11.1.2.4.007

References

http://www.securityfocus.com/bid/102634
vdb-entryx_refsource_BID
http://www.oracle.com/technetwork/security-advisory/cpuja...
x_refsource_CONFIRM
http://www.securitytracker.com/id/1040206
vdb-entryx_refsource_SECTRACK

CVSS V3.1

Score:
7.6
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
High
Privileges Required:
High
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.