Security Flaw in Oracle Hyperion Financial Management Product
CVE-2020-2777

4.2MEDIUM

Key Information:

Vendor
Oracle
Status
Hyperion Financial Management
Vendor
CVE Published:
15 April 2020

Summary

A vulnerability exists in Oracle's Hyperion Financial Management product, specifically within the Security component. This flaw allows high-privileged attackers with network access via HTTP to potentially compromise the application's functionality. Although exploiting this vulnerability is challenging, it necessitates human interaction from an individual other than the attacker. Successful exploitation can lead to unauthorized actions such as the creation, deletion, or modification of critical data, raising substantial risks for the integrity of all accessible data within Hyperion Financial Management.

Affected Version(s)

Hyperion Financial Management 11.1.2.4

References

https://www.oracle.com/security-alerts/cpuapr2020.html
x_refsource_MISC

CVSS V3.1

Score:
4.2
Severity:
MEDIUM
Confidentiality:
None
Integrity:
High
Availability:
None
Attack Vector:
Network
Attack Complexity:
High
Privileges Required:
High
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.
🍪 This website uses cookies, like every other website on the internet 😕 By using our website, you consent to the use of cookies.