Oracle Hyperion BI+ Vulnerability: Likely Unauthorized Read Access to Subset of Data

CVE-2024-21257

3LOW

Key Information

Vendor: Oracle
Status: Oracle Hyperion Bi+
Vendor: CVE Published:; 15 October 2024

Summary

Vulnerability in the Oracle Hyperion BI+ product of Oracle Hyperion (component: UI and Visualization). The supported version that is affected is 11.2.18.0.000. Easily exploitable vulnerability allows low privileged attacker with access to the physical communication segment attached to the hardware where the Oracle Hyperion BI+ executes to compromise Oracle Hyperion BI+. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Hyperion BI+ accessible data. CVSS 3.1 Base Score 3.0 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:A/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N).

Affected Version(s)

Oracle Hyperion BI+ = 11.2.18.0.000

CVSS V3.1

Score:

Severity:

LOW

Confidentiality:

Low

Integrity:

None

Availability:

None

Attack Vector:

Adjacent Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published.
Oct 15, 2024
Vulnerability Reserved.
Dec 7, 2023

Collectors

NVD DatabaseMitre Database