Task Automation Vulnerability in Oracle Hyperion Financial Management
CVE-2021-2158

3.9LOW

Key Information:

Vendor
Oracle
Status
Hyperion Financial Management
Vendor
CVE Published:
22 April 2021

Summary

A vulnerability in the Task Automation component of Oracle Hyperion Financial Management allows attackers with high privileges and network access via HTTP to compromise the software. Successful exploitation requires interaction from a separate user, leading to unauthorized updates, inserts, or deletions of accessible data. Additionally, attackers may gain unauthorized read access to certain data, as well as the ability to partially disrupt the service, potentially affecting the confidentiality, integrity, and availability of the system. Mitigation strategies should be implemented to secure affected instances.

Affected Version(s)

Hyperion Financial Management 11.1.2.4

References

https://www.oracle.com/security-alerts/cpuapr2021.html
x_refsource_MISC

CVSS V3.1

Score:
3.9
Severity:
LOW
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
High
Privileges Required:
High
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.
🍪 This website uses cookies, like every other website on the internet 😕 By using our website, you consent to the use of cookies.