Skip to main content

Hyperion Infrastructure Technology CVE-2021-2347

MEDIUM
2021-07-21 secalert_us@oracle.com
5.2
CVSS 3.1 · Vendor: oracle
Share

Severity by source

Vendor (oracle) PRIMARY
5.2 MEDIUM
AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:L/A:N

Primary rating from Vendor (oracle) · only source for this CVE.

CVSS VectorVendor: oracle

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:L/A:N
Attack Vector
Network
Attack Complexity
Low
Privileges Required
High
User Interaction
Required
Scope
Unchanged
Confidentiality
High
Integrity
Low
Availability
None

Lifecycle Timeline

1
CVE Published
Jul 21, 2021 - 15:15 cve.org
MEDIUM 5.2

DescriptionCVE.org

Vulnerability in the Hyperion Infrastructure Technology product of Oracle Hyperion (component: Lifecycle Management). The supported version that is affected is 11.2.5.0. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Hyperion Infrastructure Technology. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Hyperion Infrastructure Technology accessible data as well as unauthorized update, insert or delete access to some of Hyperion Infrastructure Technology accessible data. CVSS 3.1 Base Score 5.2 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:L/A:N).

AnalysisAI

Vulnerability in the Hyperion Infrastructure Technology product of Oracle Hyperion (component: Lifecycle Management). Rated medium severity (CVSS 5.2), this vulnerability is remotely exploitable, low attack complexity.

Technical ContextAI

Vulnerability in the Hyperion Infrastructure Technology product of Oracle Hyperion (component: Lifecycle Management). The supported version that is affected is 11.2.5.0. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Hyperion Infrastructure Technology. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Hyperion Infrastructure Technology accessible data as well as unauthorized update, insert or delete access to some of Hyperion Infrastructure Technology accessible data. CVSS 3.1 Base Score 5.2 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:L/A:N). Affected products include: Oracle Hyperion Infrastructure Technology.

RemediationAI

A vendor patch is available. Apply the latest security update as soon as possible. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.

CVE-2021-4104 HIGH
7.5 Dec 14

JMSAppender in Log4j 1.2 is vulnerable to deserialization of untrusted data when the attacker has write access to the Lo

CVE-2020-11984 CRITICAL POC
9.8 Aug 07

Apache HTTP server 2.4.32 to 2.4.44 mod_proxy_uwsgi info disclosure and possible RCE. Rated critical severity (CVSS 9.8)

CVE-2019-2729 CRITICAL POC
9.8 Jun 19

Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: Web Services). Rated cr

CVE-2021-2351 HIGH POC
8.3 Jul 21

Vulnerability in the Advanced Networking Option component of Oracle Database Server. Rated high severity (CVSS 8.3), thi

CVE-2022-23305 CRITICAL
9.8 Jan 18

By design, the JDBCAppender in Log4j 1.2.x accepts an SQL statement as a configuration parameter where the values to be

CVE-2020-11993 HIGH POC
7.5 Aug 07

Apache HTTP Server versions 2.4.20 to 2.4.43 When trace/debug was enabled for the HTTP/2 module and on certain traffic e

CVE-2020-13871 HIGH POC
7.5 Jun 06

SQLite 3.32.2 has a use-after-free in resetAccumulator in select.c because the parse tree rewrite for window functions i

CVE-2020-11655 HIGH POC
7.5 Apr 09

SQLite through 3.31.1 allows attackers to cause a denial of service (segmentation fault) via a malformed window-function

CVE-2019-5427 HIGH POC
7.5 Apr 22

c3p0 version < 0.9.5.4 may be exploited by a billion laughs attack when loading XML configuration due to missing protect

CVE-2019-10219 MEDIUM POC
6.1 Nov 08

A vulnerability was found in Hibernate-Validator. Rated medium severity (CVSS 6.1), this vulnerability is remotely explo

CVE-2020-11656 CRITICAL
9.8 Apr 09

In SQLite through 3.31.1, the ALTER TABLE implementation has a use-after-free, as demonstrated by an ORDER BY clause tha

CVE-2019-13990 CRITICAL
9.8 Jul 26

initDocumentParser in xml/XMLSchedulingDataProcessor.java in Terracotta Quartz Scheduler through 2.3.0 allows XXE attack

Share

CVE-2021-2347 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy