PT-2020-3873 · Oracle · Oracle Hyperion Financial Management

Lukasz Mikula

Published

2020-07-15

Updated

2020-07-17

CVE-2020-14541

CVSS v2.0

2.1

Low

Vector

AV:N/AC:H/Au:S/C:N/I:P/A:N

Name of the Vulnerable Software and Affected Versions: Oracle Hyperion Financial Close Management version 11.1.2.4

Description: The issue is related to the Close Manager component of Oracle Hyperion Financial Close Management, allowing a high-privileged attacker with network access via HTTP to compromise the system. This requires human interaction from someone other than the attacker and can result in unauthorized access to modify some of the accessible data. The vulnerability is difficult to exploit and can be used by an attacker with remote access.

Recommendations: For version 11.1.2.4, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

Information Disclosure

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-200

Related Identifiers

BDU:2020-04265

CVE-2020-14541

Affected Products

Oracle Hyperion Financial Management

PT-2020-3873 · Oracle · Oracle Hyperion Financial Management

CVE-2020-14541

Weakness Enumeration

Related Identifiers

Affected Products

References · 5