Vulnerability in Oracle Hyperion Planning Smart View Component
CVE-2019-2770

4.5MEDIUM

Key Information:

Vendor: Oracle
Status: Hyperion Planning
Vendor: CVE Published:; 23 July 2019

Summary

This vulnerability exists in the Oracle Hyperion Planning component, specifically within the Smart View subcomponent. It allows an attacker with high privileges and network access via HTTP to compromise the system. The attack requires user interaction from a different individual, which leads to the risk of unauthorized access to sensitive data. If exploited, the attacker can potentially gain complete access to all data that is accessible within Oracle Hyperion Planning, posing a significant threat to data confidentiality.

Affected Version(s)

Hyperion Planning 11.1.2.4

References

http://www.oracle.com/technetwork/security-advisory/cpuju...

x_refsource_MISC

CVSS V3.1

Score:

4.5

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Jul 23, 2019
Vulnerability Reserved
Dec 14, 2018