Dawid Jonienc

**Name of the Vulnerable Software and Affected Versions** Oracle Hyperion Data Relationship Management version 11.2.19.0.000 **Description** The issue is related to the Access and Security component of Oracle Hyperion Data Relationship Management, allowing a high-privileged attacker with network access via HTTP to compromise the system. Successful attacks require human interaction from a person other than the attacker and can result in unauthorized access to critical data or complete access to all accessible data. **Recommendations** For version 11.2.19.0.000, consider restricting access to the Access and Security component until a patch is available. As a temporary workaround, limit the use of HTTP protocol for remote access to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** ArcSight Logger versions prior to 7.3.0 **Description** The issue is related to Potential Cross-Site Scripting. No information is provided about the estimated number of potentially affected devices worldwide or real-world incidents where this issue was exploited. **Recommendations** For versions prior to 7.3.0, update to version 7.3.0 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** ArcSight Logger versions prior to 7.3.0 **Description** The issue is related to a Potential XML External Entity Injection. **Recommendations** For versions prior to 7.3.0, update to version 7.3.0 or later to resolve the issue.