CVE-2024-21257

Name of the Vulnerable Software and Affected Versions Oracle Hyperion BI+ version 11.2.18.0.000

Description The issue is related to insufficient input validation in the UI and Visualization component of Oracle Hyperion BI+. It allows a low-privileged attacker to compromise Oracle Hyperion BI+ and gain unauthorized read access to a subset of accessible data. Successful attacks require human interaction from a person other than the attacker and can be executed via the network using the HTTP protocol.

Recommendations For Oracle Hyperion BI+ version 11.2.18.0.000, consider applying configuration changes to restrict access to sensitive data until a patch is available. As a temporary workaround, restrict access to the UI and Visualization component to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.