Vulnerability in Hyperion Essbase Administration Services by Oracle
CVE-2018-3140

6.1 MEDIUM

Key Information:

Vendor: Oracle
CVE Published: 17 October 2018

Summary

The vulnerability affects the Hyperion Essbase Administration Services component within Oracle Hyperion, particularly through the EAS Console. It enables an unauthenticated attacker with network access via HTTP to compromise the services. While successful exploitation necessitates human interaction from an individual other than the attacker, it can lead to unauthorized update, insert, or delete capabilities affecting sensitive data. Additionally, attackers may gain unauthorized read access to specific data managed by the Hyperion Essbase Administration Services, which may also impact other connected products. This vulnerability emphasizes the importance of securing the EAS Console against potential exploits.

Affected Version(s)

Hyperion Essbase Administration Services 11.1.2.4

CVSS V3.1

Score: 6.1
Severity: MEDIUM
Confidentiality: Low
Integrity: Low
Availability: Low
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved
