Skip to main content

Hyperion Data Relationship Management CVE-2018-2915

MEDIUM
2018-07-18 secalert_us@oracle.com
5.8
CVSS 3.0 · NVD
Share

Severity by source

NVD PRIMARY
5.8 MEDIUM
AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Changed
Confidentiality
Low
Integrity
None
Availability
None

Lifecycle Timeline

1
CVE Published
Jul 18, 2018 - 13:29 nvd
MEDIUM 5.8

DescriptionNVD

Vulnerability in the Hyperion Data Relationship Management component of Oracle Hyperion (subcomponent: Access and security). The supported version that is affected is 11.1.2.4.330. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Hyperion Data Relationship Management. While the vulnerability is in Hyperion Data Relationship Management, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Hyperion Data Relationship Management accessible data. CVSS 3.0 Base Score 5.8 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N).

AnalysisAI

Vulnerability in the Hyperion Data Relationship Management component of Oracle Hyperion (subcomponent: Access and security). Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Technical ContextAI

Vulnerability in the Hyperion Data Relationship Management component of Oracle Hyperion (subcomponent: Access and security). The supported version that is affected is 11.1.2.4.330. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Hyperion Data Relationship Management. While the vulnerability is in Hyperion Data Relationship Management, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Hyperion Data Relationship Management accessible data. CVSS 3.0 Base Score 5.8 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N). Affected products include: Oracle Hyperion Data Relationship Management.

RemediationAI

A vendor patch is available. Apply the latest security update as soon as possible. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.

CVE-2021-4104 HIGH
7.5 Dec 14

JMSAppender in Log4j 1.2 is vulnerable to deserialization of untrusted data when the attacker has write access to the Lo

CVE-2022-23305 CRITICAL
9.8 Jan 18

By design, the JDBCAppender in Log4j 1.2.x accepts an SQL statement as a configuration parameter where the values to be

CVE-2020-7760 HIGH POC
7.5 Oct 30

This affects the package codemirror before 5.58.2; the package org.apache.marmotta.webjars:codemirror before 5.58.2. Rat

CVE-2022-23307 HIGH
8.8 Jan 18

CVE-2020-9493 identified a deserialization issue that was present in Apache Chainsaw. Rated high severity (CVSS 8.8), th

CVE-2022-23302 HIGH
8.8 Jan 18

JMSSink in all versions of Log4j 1.x is vulnerable to deserialization of untrusted data when the attacker has write acce

CVE-2018-3208 HIGH
7.7 Oct 17

Vulnerability in the Hyperion Data Relationship Management component of Oracle Hyperion (subcomponent: Access and Securi

CVE-2019-2927 MEDIUM
6.4 Oct 16

Vulnerability in the Hyperion Data Relationship Management product of Oracle Hyperion (component: Access and Security).

CVE-2018-2610 MEDIUM
5.3 Jan 18

Vulnerability in the Hyperion Data Relationship Management component of Oracle Hyperion (subcomponent: Access and securi

CVE-2025-21569 MEDIUM
6.6 Jan 21

Vulnerability in the Oracle Hyperion Data Relationship Management product of Oracle Hyperion (component: Web Services).

CVE-2025-21568 MEDIUM
4.5 Jan 21

Vulnerability in the Oracle Hyperion Data Relationship Management product of Oracle Hyperion (component: Access and Secu

Share

CVE-2018-2915 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy