Przemysław Mazurek

**Nome do software vulnerável e versões afetadas** Oracle WebCenter Portal versão 12.2.1.4.0 **Descrição** A vulnerabilidade no produto Oracle WebCenter Portal está relacionada à proteção insuficiente de dados internos. Ela permite que um invasor remoto obtenha acesso não autorizado para ler, adicionar, modificar ou excluir informações protegidas por meio do protocolo HTTP. Ataques bem-sucedidos exigem interação humana e podem afetar significativamente outros produtos. A vulnerabilidade pode resultar em acesso não autorizado para atualizar, inserir ou excluir alguns dados acessíveis do Oracle WebCenter Portal, bem como acesso não autorizado para leitura de um subconjunto de dados acessíveis do Oracle WebCenter Portal. **Recomendações** Para a versão 12.2.1.4.0, atualize para uma versão mais recente que contenha uma correção para este problema. No momento, não há informações sobre uma versão mais recente que contenha uma correção para esta vulnerabilidade.

**Name of the Vulnerable Software and Affected Versions** StrangeBee TheHive versions 4.1.21 through 5.0.8 Cortex version 3.1.6 **Description** An issue in the software allows a remote attacker to gain privileges via the Active Directory authentication mechanism. **Recommendations** For StrangeBee TheHive versions 4.1.21 through 5.0.8, consider disabling the Active Directory authentication mechanism until a patch is available. For Cortex version 3.1.6, restrict access to the Active Directory authentication mechanism to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Oracle Hyperion Financial Reporting version 11.2.13.0.000 **Description** The issue is related to insecure privilege management in the Repository component of Oracle Hyperion Financial Reporting. It allows a low-privileged attacker with network access via HTTP to compromise the system. Successful attacks can result in unauthorized access to critical data, complete access to all accessible data, or a partial denial of service. The vulnerability may significantly impact additional products due to scope change. **Recommendations** For version 11.2.13.0.000, consider restricting access to the Repository component until a patch is available. As a temporary workaround, limit the use of HTTP network access to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Oracle Hyperion Workspace version 11.2.13.0.000 **Description** The issue is related to insecure privilege management in the UI and Visualization component of Oracle Hyperion Workspace. It allows a low-privileged attacker with network access via HTTP to compromise Oracle Hyperion Workspace. Successful attacks require human interaction from a person other than the attacker and can result in unauthorized creation, deletion, or modification access to critical data, as well as unauthorized access to critical data and the ability to cause a partial denial of service. **Recommendations** For Oracle Hyperion Workspace version 11.2.13.0.000, consider applying security patches or updates to fix the vulnerability, as no specific workaround is provided. At the moment, there is no information about a newer version that contains a fix for this vulnerability.