Vulnerability in Hyperion Financial Reporting by Oracle
CVE-2018-2907

8.6HIGH

Key Information:

Vendor
Oracle
Status
Hyperion Financial Reporting
Vendor
CVE Published:
18 July 2018

Summary

An unauthenticated access vulnerability exists in the Hyperion Financial Reporting component of Oracle Hyperion, specifically within the Security Models subcomponent. This flaw allows an attacker with network access through HTTP to compromise the functionality of Hyperion Financial Reporting without any form of authentication. While the vulnerability is isolated to Hyperion Financial Reporting, successful exploitation can have broader implications, potentially leading to unauthorized access to sensitive data across various interconnected products. Organizations using Oracle Hyperion 11.1.2 should prioritize mitigation strategies to defend against these risks.

Affected Version(s)

Hyperion Financial Reporting 11.1.2

References

http://www.securityfocus.com/bid/104794
vdb-entryx_refsource_BID
http://www.oracle.com/technetwork/security-advisory/cpuju...
x_refsource_CONFIRM
http://www.securitytracker.com/id/1041304
vdb-entryx_refsource_SECTRACK

CVSS V3.1

Score:
8.6
Severity:
HIGH
Confidentiality:
High
Integrity:
None
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.