Access Vulnerability in Oracle Hyperion Data Relationship Management
CVE-2018-2915

5.8MEDIUM

Key Information:

Vendor
Oracle
Status
Hyperion Data Relationship Management
Vendor
CVE Published:
18 July 2018

Summary

The vulnerability in Oracle Hyperion's Data Relationship Management component allows unauthenticated attackers with network access to exploit the system via HTTPS. This results in unauthorized access to sensitive data within Hyperion Data Relationship Management, potentially affecting additional connected products. Attackers can read a subset of this critical data, exposing organizations to serious security risks and data breaches.

Affected Version(s)

Hyperion Data Relationship Management 11.1.2.4.330

References

http://www.oracle.com/technetwork/security-advisory/cpuju...
x_refsource_CONFIRM
http://www.securityfocus.com/bid/104797
vdb-entryx_refsource_BID
http://www.securitytracker.com/id/1041304
vdb-entryx_refsource_SECTRACK

CVSS V3.1

Score:
5.8
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
None
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.