CVE-2024-21257

Published Oct 15, 2024

Last updated 11 days ago

CVSS low 3.0

Overview

Description: Vulnerability in the Oracle Hyperion BI+ product of Oracle Hyperion (component: UI and Visualization). The supported version that is affected is 11.2.18.0.000. Easily exploitable vulnerability allows low privileged attacker with access to the physical communication segment attached to the hardware where the Oracle Hyperion BI+ executes to compromise Oracle Hyperion BI+. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Hyperion BI+ accessible data. CVSS 3.1 Base Score 3.0 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:A/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N).
Source: secalert_us@oracle.com
NVD status: Analyzed

Risk scores

CVSS 3.1

Type: Primary
Base score: 3
Impact score: 1.4
Exploitability score: 1.5
Vector string: CVSS:3.1/AV:A/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N
Severity: LOW

Weaknesses

nvd@nist.gov: NVD-CWE-noinfo

Hype score: Not currently trending

🚨 #Oracle Hyperion BI+ Vulnerability (#CVE-2024-21257): Mitigate Unauthorized Data Access https://t.co/AEgGoR7lCL
@UndercodeNews
7 Nov 2024
5 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:oracle:hyperion_bi\\+:11.2.18.0.000:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "8EC21BCB-FA89-475B-9A33-108FF5363829"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

Overview

Risk scores

CVSS 3.1

Weaknesses

Social media

Configurations

References