CVE-2018-3177

Name of the Vulnerable Software and Affected Versions Oracle Hyperion versions 11.1.2.4

Description The issue is related to insufficient access control in the Hyperion Common Events component, specifically in the User Interface subcomponent. It allows an unauthenticated attacker with network access via HTTP to compromise Hyperion Common Events, requiring human interaction from a person other than the attacker. Successful attacks can result in unauthorized update, insert, or delete access to some of Hyperion Common Events' accessible data, as well as unauthorized read access to a subset of Hyperion Common Events' accessible data.

Recommendations For Oracle Hyperion version 11.1.2.4, consider restricting access to the User Interface subcomponent of Hyperion Common Events to minimize the risk of exploitation until a patch is available. As a temporary workaround, limit the use of HTTP protocol for accessing Hyperion Common Events.