CVE-2020-14560

Name of the Vulnerable Software and Affected Versions Oracle Hyperion BI+ version 11.1.2.4

Description The issue is related to insufficient input validation in the UI & Visualization component of Oracle Hyperion BI+. This can be exploited by a remote attacker to gain unauthorized access to protected information using the HTTP protocol. The exploitation is considered difficult and requires human interaction from someone other than the attacker, as well as high privileges and network access. Successful attacks can result in unauthorized access to critical data.

Recommendations For version 11.1.2.4, consider restricting access to the UI & Visualization component until a fix is available. As a temporary workaround, limit the use of HTTP protocol for sensitive operations. At the moment, there is no information about a newer version that contains a fix for this vulnerability.