CVE-2020-2777

Name of the Vulnerable Software and Affected Versions Oracle Hyperion Financial Management version 11.1.2.4

Description The issue is related to insufficient access control in the Security component of Oracle Hyperion Financial Management. It allows a remote attacker to modify, add, or delete data using the HTTP protocol. The exploitation requires high privileges and human interaction from someone other than the attacker, potentially leading to unauthorized access to critical data.

Recommendations For version 11.1.2.4, consider restricting access to the Security component until a patch is available. As a temporary workaround, limit network access via HTTP to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.