Web Services Vulnerability in Oracle Hyperion Data Relationship Management
CVE-2025-21569

6.6MEDIUM

Key Information:

Vendor: Oracle
Status: Oracle Hyperion Data Relationship Management
Vendor: CVE Published:; 21 January 2025

Summary

A vulnerability exists in the Web Services component of Oracle Hyperion Data Relationship Management, affecting version 11.2.19.0.000. This vulnerability can be exploited by an attacker with high privileges and network access via HTTP. Successful exploitation may allow an attacker to take control of the Oracle Hyperion Data Relationship Management product, potentially compromising confidentiality, integrity, and availability of sensitive data managed by the system.

Affected Version(s)

Oracle Hyperion Data Relationship Management 11.2.19.0.000

References

https://www.oracle.com/security-alerts/cpujan2025.html

vendor-advisory

CVSS V3.1

Score:

6.6

Severity:

MEDIUM

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

High

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jan 21, 2025
Vulnerability Reserved
Dec 24, 2024