CVE-2020-14546

Vulnerability in the Hyperion Financial Close Management product of Oracle Hyperion (component: Close Manager). The supported version that is affected is 11.1.2.4. Difficult to exploit vulnerability allows high privileged attacker with network access via HTTP to compromise Hyperion Financial Close Management. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Hyperion Financial Close Management accessible data. CVSS 3.1 Base Score 4.2 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:N/I:H/A:N).

CVSS v3 4.2 MEDIUM
CVSS v2.0 2.1 LOW

4.2^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 0.5 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity HIGH

Privileges Required HIGH

User Interaction REQUIRED

Confidentiality Impact NONE

Integrity Impact HIGH

Availability Impact NONE

Scope UNCHANGED

2.1^/10

CVSS v2.0 : LOW

Vector : AV:N/AC:H/Au:S/C:N/I:P/A:N

Exploitability : 3.9 / Impact : 2.9

Access Vector NETWORK

Access Complexity HIGH

Authentication SINGLE

Confidentiality Impact NONE

Integrity Impact PARTIAL

Availability Impact NONE

References

Link	Resource
https://www.oracle.com/security-alerts/cpujul2020.html	Vendor Advisory
https://www.oracle.com/security-alerts/cpujul2020.html	Vendor Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:oracle:hyperion_financial_close_management:11.1.2.4:*:*:*:*:*:*:*

History

21 Nov 2024, 05:03

Type	Values Removed	Values Added
References	~~() https://www.oracle.com/security-alerts/cpujul2020.html - Vendor Advisory~~	() https://www.oracle.com/security-alerts/cpujul2020.html - Vendor Advisory

Information

Published : 2020-07-15 18:15

Updated : 2024-11-21 05:03

NVD link : CVE-2020-14546

Mitre link : CVE-2020-14546

CVE.ORG link : CVE-2020-14546

JSON object : View

Products Affected

oracle

hyperion_financial_close_management

CWE

NVD-CWE-noinfo

{"id": "CVE-2020-14546", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 2.1, "accessVector": "NETWORK", "vectorString": "AV:N/AC:H/Au:S/C:N/I:P/A:N", "authentication": "SINGLE", "integrityImpact": "PARTIAL", "accessComplexity": "HIGH", "availabilityImpact": "NONE", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "LOW", "obtainAllPrivilege": false, "exploitabilityScore": 3.9, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}], "cvssMetricV31": [{"type": "Secondary", "source": "secalert_us@oracle.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4.2, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:N/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "HIGH", "availabilityImpact": "NONE", "privilegesRequired": "HIGH", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 0.5}, {"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4.2, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:N/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "HIGH", "availabilityImpact": "NONE", "privilegesRequired": "HIGH", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 0.5}]}, "published": "2020-07-15T18:15:16.753", "references": [{"url": "https://www.oracle.com/security-alerts/cpujul2020.html", "tags": ["Vendor Advisory"], "source": "secalert_us@oracle.com"}, {"url": "https://www.oracle.com/security-alerts/cpujul2020.html", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-noinfo"}]}], "descriptions": [{"lang": "en", "value": "Vulnerability in the Hyperion Financial Close Management product of Oracle Hyperion (component: Close Manager). The supported version that is affected is 11.1.2.4. Difficult to exploit vulnerability allows high privileged attacker with network access via HTTP to compromise Hyperion Financial Close Management. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Hyperion Financial Close Management accessible data. CVSS 3.1 Base Score 4.2 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:N/I:H/A:N)."}, {"lang": "es", "value": "Vulnerabilidad en el producto Hyperion Financial Close Management de Oracle Hyperion (componente: Close Manager). La versi\u00f3n soportada que se ve afectada es la 11.1.2.4. La vulnerabilidad de dif\u00edcil explotaci\u00f3n permite que un atacante de alto privilegio con acceso a la red a trav\u00e9s de HTTP comprometa el Hyperion Financial Close Management. Los ataques exitosos requieren de la interacci\u00f3n humana de una persona diferente al atacante. Ataques exitosos de esta vulnerabilidad pueden resultar en la creaci\u00f3n, eliminaci\u00f3n o modificaci\u00f3n no autorizada del acceso a datos cr\u00edticos o a todos los datos accesibles de Hyperion Financial Close Management. CVSS 3.1 Puntuaci\u00f3n base 4.2 (Impactos de integridad). Vector CVSS: (CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:N/I:H/A:N)"}], "lastModified": "2024-11-21T05:03:30.377", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:oracle:hyperion_financial_close_management:11.1.2.4:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "DD28B7E4-66A7-45FD-92CD-F4A291392F87"}], "operator": "OR"}]}], "sourceIdentifier": "secalert_us@oracle.com"}