PT-2019-3720 · Oracle · Oracle Hyperion Data Relationship Management

Published: 2019-10-15 · Updated: 2019-10-18 · CVE-2019-2927

CVSS v2.0: 7.1 (High)

Vector: AV:N/AC:H/Au:S/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions

Hyperion Data Relationship Management version 11.1.2.4

Description

The issue is related to inadequate access control in the Access and Security component of Hyperion Data Relationship Management, which can be exploited by a remote attacker to cause a denial of service, execute arbitrary code, or gain unauthorized access to sensitive information using the HTTP protocol. The exploitation of this issue is difficult and requires high privileges, as well as human interaction from someone other than the attacker. A successful attack can result in the takeover of Hyperion Data Relationship Management.

Recommendations

For version 11.1.2.4, update to a version that includes the fix for this issue to prevent potential exploitation. As a temporary workaround, consider restricting access to the Access and Security component to minimize the risk of exploitation. Additionally, restrict HTTP access to the component to reduce the attack surface.

Fix

Improper Access Control

Weakness Enumeration

Related Identifiers

BDU:2019-03947
CVE-2019-2927

Affected Products

Oracle Hyperion Data Relationship Management