CVE-2020-2769

Name of the Vulnerable Software and Affected Versions Oracle Hyperion Financial Reporting versions 11.1.2.4

Description The issue is related to insufficient access control in the Web Based Report Designer component of Oracle Hyperion Financial Reporting. It allows a remote attacker to gain unauthorized access to protected information via the HTTP protocol. The attack requires human interaction from someone other than the attacker and can result in unauthorized read access to a subset of Hyperion Financial Reporting accessible data.

Recommendations For version 11.1.2.4, consider restricting access to the Web Based Report Designer component to minimize the risk of exploitation until a patch is available. As a temporary workaround, limit the use of the HTTP protocol for accessing sensitive information within the Hyperion Financial Reporting product.