Security Flaw in Oracle Hyperion Planning Affects Data Integrity
CVE-2019-2861

4.2MEDIUM

Key Information:

Vendor
Oracle
Status
Hyperion Planning
Vendor
CVE Published:
23 July 2019

Summary

A security flaw in the Oracle Hyperion Planning component enables a privileged attacker with network access via HTTP to potentially compromise the system. Exploitation of this vulnerability necessitates human interaction from another individual, which complicates the attack process. Once successfully executed, it could lead to unauthorized actions like the creation, deletion, or modification of critical data, affecting all data accessible within Oracle Hyperion Planning.

Affected Version(s)

Hyperion Planning 11.1.2.4

References

http://www.oracle.com/technetwork/security-advisory/cpuju...
x_refsource_MISC
http://packetstormsecurity.com/files/153841/Oracle-Hyperi...
x_refsource_MISC

CVSS V3.1

Score:
4.2
Severity:
MEDIUM
Confidentiality:
None
Integrity:
High
Availability:
None
Attack Vector:
Network
Attack Complexity:
High
Privileges Required:
High
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.