CVE-2020-14770

Name of the Vulnerable Software and Affected Versions Oracle Hyperion BI+ version 11.1.2.4

Description The issue is related to insufficient input validation in the IQR-Foundation service component of Oracle Hyperion BI+. It allows a high-privileged attacker with network access via multiple protocols to compromise Hyperion BI+, resulting in unauthorized read access to a subset of Hyperion BI+ accessible data. Successful attacks require human interaction from a person other than the attacker.

Recommendations For version 11.1.2.4, consider restricting access to the IQR-Foundation service component to minimize the risk of exploitation until a patch is available. As a temporary workaround, limit the use of the affected service to reduce the potential impact of the issue. At the moment, there is no information about a newer version that contains a fix for this vulnerability.