Lucene search

[email protected]CVE-2020-14768

HistoryOct 21, 2020 - 3:15 p.m.

CVE-2020-14768

2020-10-2115:15:17

[email protected]

web.nvd.nist.gov

cve-2020-14768

vulnerability

oracle hyperion

smart view provider

unauthorized access

partial denial of service

4 Medium

CVSS2

Attack Vector

ADJACENT_NETWORK

Attack Complexity

HIGH

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:A/AC:H/Au:S/C:P/I:P/A:P

4.3 Medium

CVSS3

Attack Vector

ADJACENT

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

LOW

CVSS:3.1/AV:A/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:L

4.1 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

15.8%

JSON

Vulnerability in the Hyperion Analytic Provider Services product of Oracle Hyperion (component: Smart View Provider). The supported version that is affected is 11.1.2.4. Difficult to exploit vulnerability allows low privileged attacker with access to the physical communication segment attached to the hardware where the Hyperion Analytic Provider Services executes to compromise Hyperion Analytic Provider Services. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Hyperion Analytic Provider Services accessible data as well as unauthorized read access to a subset of Hyperion Analytic Provider Services accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Hyperion Analytic Provider Services. CVSS 3.1 Base Score 4.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:A/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:L).

Affected configurations

Vulners

NVD

Node

oraclehyperion_analytic_provider_servicesRange≤11.1.2.4

VendorProductVersionCPE
oraclehyperion_analytic_provider_services*cpe:2.3:a:oracle:hyperion_analytic_provider_services:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
oracle	hyperion_analytic_provider_services	*	cpe:2.3:a:oracle:hyperion_analytic_provider_services::::::::

CNA Affected

[
  {
    "product": "Hyperion Analytic Provider Services",
    "vendor": "Oracle Corporation",
    "versions": [
      {
        "status": "affected",
        "version": "11.1.2.4"
      }
    ]
  }
]

References

www.oracle.com/security-alerts/cpuoct2020.html

4 Medium

CVSS2

Attack Vector

ADJACENT_NETWORK

Attack Complexity

HIGH

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:A/AC:H/Au:S/C:P/I:P/A:P

4.3 Medium

CVSS3

Attack Vector

ADJACENT

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

LOW

CVSS:3.1/AV:A/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:L

4.1 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

15.8%

JSON

Related for CVE-2020-14768

cvelist1 nvd1 prion1 oracle1