CVE-2021-2158

Name of the Vulnerable Software and Affected Versions Oracle Hyperion Financial Management version 11.1.2.4

Description The issue exists due to insufficient input validation in the Task Automation component of Oracle Hyperion Financial Management. This allows a remote attacker to read data, modify data, cause a partial denial of service, or gain privileged access via HTTP requests. Successful attacks require human interaction from a person other than the attacker and can result in unauthorized access to some of the application's data.

Recommendations For version 11.1.2.4, consider restricting access to the Task Automation component until a patch is available. As a temporary workaround, limit the use of HTTP requests to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.