Access and Security Vulnerability in Oracle Hyperion Data Relationship Management
CVE-2025-21568

4.5MEDIUM

Key Information:

Vendor: Oracle
Status: Oracle Hyperion Data Relationship Management
Vendor: CVE Published:; 21 January 2025

Summary

A vulnerability within the Access and Security component of Oracle Hyperion Data Relationship Management version 11.2.19.0.000 allows high-privileged attackers with network access via HTTP to compromise the system. Successful exploitation of this vulnerability necessitates human interaction from someone other than the attacker's party, potentially leading to unauthorized access to critical data or comprehensive access to all data within Oracle Hyperion Data Relationship Management.

Affected Version(s)

Oracle Hyperion Data Relationship Management 11.2.19.0.000

References

https://www.oracle.com/security-alerts/cpujan2025.html

vendor-advisory

CVSS V3.1

Score:

4.5

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Jan 21, 2025
Vulnerability Reserved
Dec 24, 2024