Vulnerability in Hyperion Financial Reporting by Oracle
CVE-2018-2907

8.6HIGH

Key Information:

Vendor

Oracle
Status
Hyperion Financial Reporting
Vendor
CVE Published:
18 July 2018

What is CVE-2018-2907?

An unauthenticated access vulnerability exists in the Hyperion Financial Reporting component of Oracle Hyperion, specifically within the Security Models subcomponent. This flaw allows an attacker with network access through HTTP to compromise the functionality of Hyperion Financial Reporting without any form of authentication. While the vulnerability is isolated to Hyperion Financial Reporting, successful exploitation can have broader implications, potentially leading to unauthorized access to sensitive data across various interconnected products. Organizations using Oracle Hyperion 11.1.2 should prioritize mitigation strategies to defend against these risks.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

Hyperion Financial Reporting 11.1.2

References

http://www.securityfocus.com/bid/104794
vdb-entryx_refsource_BID
http://www.oracle.com/technetwork/security-advisory/cpuju...
x_refsource_CONFIRM
http://www.securitytracker.com/id/1041304
vdb-entryx_refsource_SECTRACK

CVSS V3.1

Score:
8.6
Severity:
HIGH
Confidentiality:
High
Integrity:
None
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.