A vulnerability was found in Oracle Hyperion Financial Reporting 11.1.2.4 (Financial Software) and classified as critical. Affected by this issue is an unknown function of the component cURL. Impacted is integrity. CVE summarizes:

Vulnerability in the Hyperion Financial Reporting product of Oracle Hyperion (component: Security Models). The supported version that is affected is 11.1.2.4. Difficult to exploit vulnerability allows high privileged attacker with network access via HTTP to compromise Hyperion Financial Reporting. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Hyperion Financial Reporting accessible data. CVSS 3.0 Base Score 4.2 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:N/I:H/A:N).

The weakness was shared 10/16/2019 as Oracle Critical Patch Update Advisory - October 2019 as confirmed advisory (Website). The advisory is available at oracle.com. This vulnerability is handled as CVE-2019-2959. The exploitation is known to be difficult. The attack may be launched remotely. Additional levels of successful authentication are needed for exploitation. Successful exploitation requires user interaction by the victim. The technical details are unknown and an exploit is not available.

Upgrading eliminates this vulnerability. A possible mitigation has been published immediately after the disclosure of the vulnerability.

The entries 143620, 143661, 143632 and 143631 are related to this item.

Productinfo

Type

• Financial Software

Vendor

• Oracle

Name

• Hyperion Financial Reporting

Version

• 11.1.2.4

License

• commercial

CPE 2.3info

• 🔍

CPE 2.2info

• 🔍

CVSSv4info

CVSSv3info

CVSSv2info

Exploitinginfo

Threat Intelligenceinfo

Countermeasuresinfo

Timelineinfo

Sourcesinfo

Entryinfo

Discussion