Oracle Hyperion Financial Reporting Repository Vulnerability
CVE-2023-22062

8.5HIGH

Key Information:

Vendor: Oracle
Status: Hyperion Financial Reporting
Vendor: CVE Published:; 18 July 2023

Summary

An easily exploitable vulnerability exists within the Oracle Hyperion Financial Reporting product, specifically in the Repository component. This vulnerability allows low-privileged attackers with network access via HTTP to compromise the Oracle Hyperion Financial Reporting system. Exploitation can lead to unauthorized access to sensitive data and the potential for partial denial of service. Notably, while the vulnerability is centered on Oracle Hyperion Financial Reporting, its exploitation might also have serious implications for related products, expanding the potential attack surface and impact.

Affected Version(s)

Hyperion Financial Reporting 11.2.13.0.000

References

https://www.oracle.com/security-alerts/cpujul2023.html

vendor-advisory

CVSS V3.1

Score:

8.5

Severity:

HIGH

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Changed

Timeline

Vulnerability published
Jul 18, 2023
Vulnerability Reserved
Dec 17, 2022