Unauthorized Data Access in Oracle Hyperion Infrastructure Technology
CVE-2020-14854

6.1MEDIUM

Key Information:

Vendor: Oracle
Status: Hyperion Infrastructure Technology
Vendor: CVE Published:; 21 October 2020

Summary

A serious access control vulnerability exists in Oracle's Hyperion Infrastructure Technology, specifically within the UI and Visualization component. This flaw enables a high-privileged attacker with network access via HTTP to potentially compromise the application. Successful exploitation requires some degree of human interaction from a user other than the attacker. If exploited, it could allow for unauthorized creation, deletion, or modification of critical data, potentially granting complete access to all data within the Hyperion Infrastructure Technology environment.

Affected Version(s)

Hyperion Infrastructure Technology 11.1.2.4

References

https://www.oracle.com/security-alerts/cpuoct2020.html

x_refsource_MISC

CVSS V3.1

Score:

6.1

Severity:

MEDIUM

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Oct 21, 2020
Vulnerability Reserved
Jun 19, 2020