CVE-2020-14768

Name of the Vulnerable Software and Affected Versions Hyperion Analytic Provider Services version 11.1.2.4

Description The issue is related to insufficient input validation in the Smart View Provider component of Hyperion Analytic Provider Services. This can allow a remote attacker to gain unauthorized access to protected information, modify, add, or delete data, or cause a denial of service using the HTTP protocol. The vulnerability is difficult to exploit and requires human interaction from someone other than the attacker, as well as access to the physical communication segment attached to the hardware where the service executes. Successful attacks can result in unauthorized access to some data, including read, update, insert, or delete access, as well as partial denial of service.

Recommendations For version 11.1.2.4, consider restricting access to the Smart View Provider component until a fix is available. As a temporary workaround, limit the ability to modify, add, or delete data through this component to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.