Unauthorized Access Flaw in Oracle Hyperion Lifecycle Management
CVE-2021-2445

5.7MEDIUM

Key Information:

Vendor: Oracle
Status: Hyperion Infrastructure Technology
Vendor: CVE Published:; 20 July 2021

Summary

A vulnerability in Oracle Hyperion's Lifecycle Management component could allow an attacker with network access to compromise the system. This issue requires user interaction from a third party, making it challenging to exploit. Once successfully executed, it could lead to unauthorized modifications to crucial data or the ability to delete data within Hyperion Infrastructure Technology, impacting data confidentiality and integrity.

Affected Version(s)

Hyperion Infrastructure Technology 11.2.5.0

References

https://www.oracle.com/security-alerts/cpujul2021.html

x_refsource_MISC

CVSS V3.1

Score:

5.7

Severity:

MEDIUM

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

High

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Jul 20, 2021
Vulnerability Reserved
Dec 9, 2020