CVE-2024-21257

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2024-21257
Vulnerability in the Oracle Hyperion BI+ product of Oracle Hyperion (component: UI and Visualization). The supported version that is affected is 11.2.18.0.000. Easily exploitable vulnerability allows low privileged attacker with access to the physical communication segment attached to the hardware where the Oracle Hyperion BI+ executes to compromise Oracle Hyperion BI+. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Hyperion BI+ accessible data. CVSS 3.1 Base Score 3.0 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:A/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N).

3.0 /10

CVSS v3 : LOW

V3 Legend

Vector :

Exploitability : 1.5 / Impact : 1.4

Attack Vector ADJACENT_NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction REQUIRED

Confidentiality Impact LOW

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

References
Link Resource
https://www.oracle.com/security-alerts/cpuoct2024.html Vendor Advisory
Configurations

Configuration 1 (hide)

cpe:2.3:a:oracle:hyperion_bi\+:11.2.18.0.000:*:*:*:*:*:*:*
History

06 Nov 2024, 22:55

Type Values Removed Values Added
CPE cpe:2.3:a:oracle:hyperion_bi\+:11.2.18.0.000:*:*:*:*:*:*:*
References () https://www.oracle.com/security-alerts/cpuoct2024.html - () https://www.oracle.com/security-alerts/cpuoct2024.html - Vendor Advisory
First Time Oracle hyperion Bi\+
Oracle
CWE NVD-CWE-noinfo

16 Oct 2024, 16:38

Type Values Removed Values Added
Summary
  • (es) Vulnerabilidad en el producto Oracle Hyperion BI+ de Oracle Hyperion (componente: UI y visualización). La versión compatible afectada es la 11.2.18.0.000. Esta vulnerabilidad, que se puede explotar fácilmente, permite que un atacante con pocos privilegios acceda al segmento de comunicación física conectado al hardware donde se ejecuta Oracle Hyperion BI+ para poner en peligro Oracle Hyperion BI+. Los ataques exitosos requieren la interacción humana de una persona distinta del atacante. Los ataques exitosos de esta vulnerabilidad pueden dar como resultado un acceso de lectura no autorizado a un subconjunto de datos accesibles de Oracle Hyperion BI+. Puntuación base CVSS 3.1 3.0 (impactos de confidencialidad). Vector CVSS: (CVSS:3.1/AV:A/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N).

15 Oct 2024, 20:15

Type Values Removed Values Added
New CVE
Information

Published : 2024-10-15 20:15

Updated : 2024-11-06 22:55

NVD link : CVE-2024-21257

Mitre link : CVE-2024-21257

CVE.ORG link : CVE-2024-21257

JSON object : View

Products Affected

oracle

  • hyperion_bi\+
CWE
NVD-CWE-noinfo

NetmanageIT Website NetmanageIT OSINT Web NetmanageIT OpenCTI NetmanageIT PDF Tools NetmanageIT CTO Corner Blog NetmanageIT Email Header Analyzer NetmanageIT Password Pusher NetmanageIT Internet Health and Latency Dashboard NetmanageIT Dedicated Speed Test Site NetmanageIT Ubuntu Mirror 10Gbps Copyright OpenCVE 2024