Hyperion Financial Reporting
Monthly
Vulnerability in the Hyperion Financial Reporting product of Oracle Hyperion (component: Repository). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.
A carefully crafted PDF file can trigger an OutOfMemory-Exception while loading the file.0.22 and prior 2.0.x versions. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity.
A carefully crafted PDF file can trigger an infinite loop while loading the file.0.22 and prior 2.0.x versions. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity.
In jQuery versions greater than or equal to 1.0.3 and before 3.5.0, passing HTML containing <option> elements from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.
Vulnerability in the Hyperion Financial Reporting product of Oracle Hyperion (component: Web Based Report Designer). Rated low severity (CVSS 2.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Vulnerability in the Hyperion Financial Reporting product of Oracle Hyperion (component: Security Models). Rated medium severity (CVSS 4.2), this vulnerability is remotely exploitable.
Apache PDFBox 2.0.14 does not properly initialize the XML parser, which allows context-dependent attackers to conduct XML External Entity (XXE) attacks via a crafted XFDF. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Vulnerability in the Hyperion Financial Reporting component of Oracle Hyperion (subcomponent: Security Models). Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity.
Vulnerability in the Oracle Hyperion Financial Reporting component of Oracle Hyperion (subcomponent: Workspace). Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity.
Vulnerability in the Oracle Hyperion Financial Reporting component of Oracle Hyperion (subcomponent: Security Models). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.
Unspecified vulnerability in the Hyperion Financial Reporting component in Oracle Hyperion 11.1.2.4 allows remote attackers to affect confidentiality, integrity, and availability via vectors related. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.
Vulnerability in the Hyperion Financial Reporting product of Oracle Hyperion (component: Repository). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.
A carefully crafted PDF file can trigger an OutOfMemory-Exception while loading the file.0.22 and prior 2.0.x versions. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity.
A carefully crafted PDF file can trigger an infinite loop while loading the file.0.22 and prior 2.0.x versions. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity.
In jQuery versions greater than or equal to 1.0.3 and before 3.5.0, passing HTML containing <option> elements from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.
Vulnerability in the Hyperion Financial Reporting product of Oracle Hyperion (component: Web Based Report Designer). Rated low severity (CVSS 2.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Vulnerability in the Hyperion Financial Reporting product of Oracle Hyperion (component: Security Models). Rated medium severity (CVSS 4.2), this vulnerability is remotely exploitable.
Apache PDFBox 2.0.14 does not properly initialize the XML parser, which allows context-dependent attackers to conduct XML External Entity (XXE) attacks via a crafted XFDF. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Vulnerability in the Hyperion Financial Reporting component of Oracle Hyperion (subcomponent: Security Models). Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity.
Vulnerability in the Oracle Hyperion Financial Reporting component of Oracle Hyperion (subcomponent: Workspace). Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity.
Vulnerability in the Oracle Hyperion Financial Reporting component of Oracle Hyperion (subcomponent: Security Models). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.
Unspecified vulnerability in the Hyperion Financial Reporting component in Oracle Hyperion 11.1.2.4 allows remote attackers to affect confidentiality, integrity, and availability via vectors related. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.