PT-2020-3878 · Oracle · Oracle Hyperion Financial Management

Damian Bury

Published

2020-07-15

Updated

2020-07-16

CVE-2020-14546

CVSS v2.0

4.9

Medium

Vector

AV:N/AC:H/Au:S/C:N/I:C/A:N

Name of the Vulnerable Software and Affected Versions: Oracle Hyperion Financial Close Management version 11.1.2.4

Description: The issue exists due to insufficient input validation in the Close Manager component of Oracle Hyperion Financial Close Management. Exploitation of this issue may allow a remote attacker to modify, add, or delete data. The vulnerability is difficult to exploit and requires high privileges, as well as human interaction from someone other than the attacker. Successful attacks can result in unauthorized access to critical data or all accessible data within Hyperion Financial Close Management.

Recommendations: For version 11.1.2.4, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

RCE

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-20

Related Identifiers

BDU:2020-04270

CVE-2020-14546

Affected Products

Oracle Hyperion Financial Management

PT-2020-3878 · Oracle · Oracle Hyperion Financial Management

CVE-2020-14546

Weakness Enumeration

Related Identifiers

Affected Products

References · 5