CVE-2020-14854

Опубликовано: 21 окт. 2020

Источник: nvd

CVSS3: 6.1

CVSS2: 7.9

EPSS Низкий

Описание

Vulnerability in the Hyperion Infrastructure Technology product of Oracle Hyperion (component: UI and Visualization). The supported version that is affected is 11.1.2.4. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Hyperion Infrastructure Technology. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Hyperion Infrastructure Technology accessible data as well as unauthorized access to critical data or complete access to all Hyperion Infrastructure Technology accessible data. CVSS 3.1 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:N).

Ссылки

https://www.oracle.com/security-alerts/cpuoct2020.html
Vendor Advisory
https://www.oracle.com/security-alerts/cpuoct2020.html
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:oracle:hyperion_infrastructure_technology:11.1.2.4:*:*:*:*:*:*:*

EPSS

Процентиль: 71%

0.00689

Низкий

6.1 Medium

CVSS3

7.9 High

CVSS2

Дефекты

NVD-CWE-noinfo

Связанные уязвимости

GHSA-r53q-2c4p-h7xf

github

больше 3 лет назад

BDU:2020-05041