Security Flaw in Oracle Hyperion Financial Reporting by Oracle
CVE-2019-2959

4.2MEDIUM

Key Information:

Vendor: Oracle
Status: Hyperion Financial Reporting
Vendor: CVE Published:; 16 October 2019

Summary

A vulnerability exists in Oracle Hyperion Financial Reporting, specifically in the security models component, which can be exploited by a high privileged attacker with network access via HTTP. The flaw may lead to unauthorized creation, deletion, or modification of critical data within the Hyperion environment. Successful exploitation requires human interaction from an individual other than the attacker, introducing an element of social engineering into the threat landscape. Attackers may manipulate the integrity of all accessible data in Hyperion Financial Reporting, emphasizing the need for improved security measures and user awareness.

Affected Version(s)

Hyperion Financial Reporting 11.1.2.4

References

http://www.oracle.com/technetwork/security-advisory/cpuoc...

x_refsource_MISC

CVSS V3.1

Score:

4.2

Severity:

MEDIUM

Confidentiality:

None

Integrity:

High

Availability:

None

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

High

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Oct 16, 2019
Vulnerability Reserved
Dec 14, 2018