cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2024-21257,https://securityvulnerability.io/vulnerability/CVE-2024-21257,Oracle Hyperion BI+ Vulnerability: Likely Unauthorized Read Access to Subset of Data,Vulnerability in the Oracle Hyperion BI+ product of Oracle Hyperion (component: UI and Visualization). The supported version that is affected is 11.2.18.0.000. Easily exploitable vulnerability allows low privileged attacker with access to the physical communication segment attached to the hardware where the Oracle Hyperion BI+ executes to compromise Oracle Hyperion BI+. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Hyperion BI+ accessible data. CVSS 3.1 Base Score 3.0 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:A/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N).,Oracle,Oracle Hyperion Bi+,3,LOW,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-10-15T19:52:53.351Z,0
CVE-2023-22060,https://securityvulnerability.io/vulnerability/CVE-2023-22060,Unauthorized Access Vulnerability in Oracle Hyperion Workspace by Oracle,"An access control vulnerability exists in Oracle Hyperion Workspace that allows a low-privileged attacker to exploit the system via HTTP. This vulnerability may lead to unauthorized creation, deletion, or modification of critical data, as well as unauthorized access to sensitive information. Additionally, this flaw can allow attackers to cause a partial denial of service, affecting the availability of the workspace. Successful exploitation requires user interaction, making it a potential threat in environments where users are unaware of the risks.",Oracle,Hyperion Bi+,7.6,HIGH,0.00044999999227002263,false,,false,false,false,,,false,false,,2023-07-18T21:15:00.000Z,0
CVE-2021-2439,https://securityvulnerability.io/vulnerability/CVE-2021-2439,UI and Visualization Vulnerability in Oracle Hyperion BI+ Product,"An unauthorized access vulnerability exists in the UI and Visualization component of Oracle Hyperion BI+. This flaw enables an unauthenticated attacker with network access via HTTP to potentially compromise the system. Successful exploitation requires human interaction from a user other than the attacker, which could lead to unauthorized access to certain data subsets. It is crucial for organizations using the affected versions to implement necessary security measures to mitigate this risk.",Oracle,Hyperion Bi+,4.3,MEDIUM,0.0008999999845400453,false,,false,false,false,,,false,false,,2021-07-20T22:44:48.000Z,0
CVE-2020-14770,https://securityvulnerability.io/vulnerability/CVE-2020-14770,Unauthorized Access Vulnerability in Oracle Hyperion BI+ Product,"The vulnerability in Oracle Hyperion BI+ pertains to the IQR-Foundation service, which is susceptible to a scenario where a highly privileged attacker, with network access via various protocols, can manipulate the system. Exploiting this vulnerability necessitates user interaction from a third party, making it challenging to trigger successfully. Such breaches can lead to unauthorized access, allowing the attacker to read sensitive data that is otherwise protected within the Hyperion BI+ environment. Effectively addressing this issue is crucial to maintaining the confidentiality of data handled by Hyperion BI+.",Oracle,Hyperion Bi+,2,LOW,0.0006600000197067857,false,,false,false,false,,,false,false,,2020-10-21T14:04:24.000Z,0
CVE-2020-14767,https://securityvulnerability.io/vulnerability/CVE-2020-14767,Security Flaw in Oracle Hyperion BI+ Affecting IQR-Foundation Service,"A vulnerability exists in Oracle's Hyperion BI+ product, specifically within the IQR-Foundation service. This flaw is difficult to exploit and requires the attacker to have high privileges and network access through various protocols. Importantly, the attack necessitates human interaction from a victim other than the attacker, which may involve social engineering tactics. If successfully exploited, this vulnerability can lead to unauthorized access to sensitive data, allowing an attacker to compromise the integrity of the Hyperion BI+ environment and access critical information accessible within the system.",Oracle,Hyperion Bi+,4.2,MEDIUM,0.0006600000197067857,false,,false,false,false,,,false,false,,2020-10-21T14:04:24.000Z,0
CVE-2020-14560,https://securityvulnerability.io/vulnerability/CVE-2020-14560,UI and Visualization Vulnerability in Oracle Hyperion BI+ by Oracle,"A vulnerability identified in the Oracle Hyperion BI+ product enables high-privileged attackers with network access via HTTP to exploit the UI and Visualization components. While the vulnerability is challenging to exploit, it requires human interaction from an individual other than the attacker. When successfully executed, it may result in unauthorized access to critical information, offering potential exposure to all data accessible through Oracle Hyperion BI+. Organizations using affected versions must remain vigilant to mitigate risks associated with this vulnerability.",Oracle,Hyperion Bi+,4.2,MEDIUM,0.0006300000241026282,false,,false,false,false,,,false,false,,2020-07-15T17:34:27.000Z,0
CVE-2019-2735,https://securityvulnerability.io/vulnerability/CVE-2019-2735,Vulnerability in Oracle Hyperion Workspace Component Affecting Oracle Corporation,"A vulnerability in the Oracle Hyperion Workspace component allows high-privileged attackers with network access through HTTP to compromise the system. While exploitation requires human interaction from a user other than the attacker, successful attacks can lead to unauthorized read access to confidential data within the Oracle Hyperion Workspace. Organizations using version 11.1.2.4 should take immediate measures to mitigate this risk and protect sensitive information.",Oracle,Hyperion Bi+,2.4,LOW,0.000539999979082495,false,,false,false,false,,,false,false,,2019-07-23T23:15:00.000Z,0
CVE-2019-2415,https://securityvulnerability.io/vulnerability/CVE-2019-2415,,"Vulnerability in the Hyperion BI+ component of Oracle Hyperion (subcomponent: Foundation UI & Servlets). The supported version that is affected is 11.1.2.4. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Hyperion BI+. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Hyperion BI+ accessible data as well as unauthorized read access to a subset of Hyperion BI+ accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Hyperion BI+. CVSS 3.0 Base Score 4.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:L).",Oracle,Hyperion Bi+,4.3,MEDIUM,0.0006600000197067857,false,,false,false,false,,,false,false,,2019-01-16T19:00:00.000Z,0
CVE-2018-3184,https://securityvulnerability.io/vulnerability/CVE-2018-3184,,Vulnerability in the Hyperion BI+ component of Oracle Hyperion (subcomponent: IQR - Foundation Services). The supported version that is affected is 11.1.2.4. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Hyperion BI+. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Hyperion BI+ accessible data. CVSS 3.0 Base Score 2.4 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:N/A:N).,Oracle,Hyperion Bi+,2.4,LOW,0.0005799999926239252,false,,false,false,false,,,false,false,,2018-10-17T01:00:00.000Z,0
CVE-2018-2595,https://securityvulnerability.io/vulnerability/CVE-2018-2595,,"Vulnerability in the Hyperion BI+ component of Oracle Hyperion (subcomponent: Foundation UI & Servlets). The supported version that is affected is 11.1.2.4. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Hyperion BI+. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Hyperion BI+ accessible data as well as unauthorized read access to a subset of Hyperion BI+ accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Hyperion BI+. CVSS 3.0 Base Score 4.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:L).",Oracle,Hyperion Bi+,4.3,MEDIUM,0.0007699999841861427,false,,false,false,false,,,false,false,,2018-01-18T02:00:00.000Z,0
CVE-2018-2594,https://securityvulnerability.io/vulnerability/CVE-2018-2594,,"Vulnerability in the Hyperion BI+ component of Oracle Hyperion (subcomponent: Foundation UI & Servlets). The supported version that is affected is 11.1.2.4. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Hyperion BI+. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Hyperion BI+ accessible data as well as unauthorized read access to a subset of Hyperion BI+ accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Hyperion BI+. CVSS 3.0 Base Score 4.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:L).",Oracle,Hyperion Bi+,4.3,MEDIUM,0.0007699999841861427,false,,false,false,false,,,false,false,,2018-01-18T02:00:00.000Z,0
CVE-2017-10359,https://securityvulnerability.io/vulnerability/CVE-2017-10359,,"Vulnerability in the Oracle Hyperion BI+ component of Oracle Hyperion (subcomponent: UI and Visualization). The supported version that is affected is 11.1.2.4. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Hyperion BI+. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Hyperion BI+ accessible data as well as unauthorized read access to a subset of Oracle Hyperion BI+ accessible data. CVSS 3.0 Base Score 5.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N).",Oracle,Hyperion Bi+,5.4,MEDIUM,0.0015200000489130616,false,,false,false,false,,,false,false,,2017-10-19T17:00:00.000Z,0
CVE-2017-10312,https://securityvulnerability.io/vulnerability/CVE-2017-10312,,"Vulnerability in the Oracle Hyperion BI+ component of Oracle Hyperion (subcomponent: UI and Visualization). The supported version that is affected is 11.1.2.4. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Hyperion BI+. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Hyperion BI+ accessible data as well as unauthorized update, insert or delete access to some of Oracle Hyperion BI+ accessible data. CVSS 3.0 Base Score 7.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:N).",Oracle,Hyperion Bi+,7.1,HIGH,0.0014700000174343586,false,,false,false,false,,,false,false,,2017-10-19T17:00:00.000Z,0
CVE-2008-2612,https://securityvulnerability.io/vulnerability/CVE-2008-2612,,"Unspecified vulnerability in the Hyperion BI Plus component in Oracle Application Server 8.3.2.4, 8.5.0.3, 9.2.0.3, 9.2.1.0, and 9.3.1.0 has unknown impact and remote attack vectors.",Oracle,"Oracle Application Server,Hyperion Bi Plus Component",,,0.006800000090152025,false,,false,false,false,,,false,false,,2008-07-15T23:41:00.000Z,0