Vulnerability in Oracle Hyperion Essbase Administration Services EAS Console
CVE-2018-3141

5.8MEDIUM

Key Information:

Vendor
Oracle
Status
Hyperion Essbase Administration Services
Vendor
CVE Published:
17 October 2018

Summary

The vulnerability in the Hyperion Essbase Administration Services (EAS Console) of Oracle Hyperion could allow an unauthenticated attacker with network access via HTTP to compromise the service. This flaw may lead to unauthorized operations on sensitive data, such as updates, insertions, or deletions within the accessible datasets of Hyperion Essbase Administration Services. Although the vulnerability is primarily focused on the EAS Console, the potential for broader impact across related products poses significant risks. Comprehensive security measures should be implemented to mitigate the chance of exploitation.

Affected Version(s)

Hyperion Essbase Administration Services 11.1.2.4

References

http://www.securityfocus.com/bid/105641
vdb-entryx_refsource_BID
http://www.oracle.com/technetwork/security-advisory/cpuoc...
x_refsource_CONFIRM
http://www.securitytracker.com/id/1041898
vdb-entryx_refsource_SECTRACK

CVSS V3.1

Score:
5.8
Severity:
MEDIUM
Confidentiality:
None
Integrity:
Low
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.