Access and Security Vulnerability in Oracle Hyperion Data Relationship Management
CVE-2019-2927

6.4MEDIUM

Key Information:

Vendor: Oracle
Status: Hyperion Data Relationship Management
Vendor: CVE Published:; 16 October 2019

Summary

A vulnerability exists in the Hyperion Data Relationship Management product, specifically within its Access and Security component. This issue enables a high-privileged attacker, with network access via HTTP, to compromise the integrity of the Hyperion Data Relationship Management software. To successfully exploit this vulnerability, it requires human interaction from an individual who is not the attacker, facilitating the potential for unauthorized control over the management system. This can lead to severe implications for the confidentiality, integrity, and availability of the data managed by the application.

Affected Version(s)

Hyperion Data Relationship Management 11.1.2.4

References

http://www.oracle.com/technetwork/security-advisory/cpuoc...

x_refsource_MISC

CVSS V3.1

Score:

6.4

Severity:

MEDIUM

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

High

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Oct 16, 2019
Vulnerability Reserved
Dec 14, 2018