Lucene search
K
OracleHyperion Data Relationship Management

12 matches found

CVE
CVE
added 2021/12/14 12:0 a.m.1434 views

CVE-2021-4104

CVE-2021-4104 affects JMSAppender in Log4j 1.2 when it is explicitly configured to use JMSAppender. A deserialization of untrusted data can occur if an attacker can write Log4j configuration and supply TopicBindingName and TopicConnectionFactoryBindingName, causing JMSAppender to perform JNDI req...

7.5CVSS9.4AI score0.81147EPSS
In wildWeb
CVE
CVE
added 2021/12/18 11:55 a.m.1185 views

CVE-2021-45105

Summary of CVE-2021-45105 (Log4j2) : Affected Log4j 2.x versions 2.0-alpha1 through 2.16.0 (except 2.12.3 and 2.3.1) are vulnerable to denial of service via uncontrolled recursion triggered by self-referential lookups in Thread Context Map data. The root cause is improper handling of self-referen...

5.9CVSS7.7AI score0.99999EPSS
In wildWeb
CVE
CVE
added 2022/01/18 3:25 p.m.850 views

CVE-2022-23302

CVE-2022-23302 affects Log4j 1.x JMSSink. TheDeserialization flaw allows remote code execution when an attacker can write to the Log4j configuration or when the configuration references an LDAP service the attacker controls. JMSSink can be triggered via a TopicConnectionFactoryBindingName to caus...

8.8CVSS9.3AI score0.61785EPSS
CVE
CVE
added 2022/01/18 3:25 p.m.790 views

CVE-2022-23307

CVE-2022-23307 concerns a deserialization vulnerability in the Chainsaw component of Apache Log4j 1.x (Chainsaw bundled with Log4j 1.2.x). The root cause is unsafe deserialization of untrusted data via Chainsaw, allowing potential code execution. Multiple Atlassian products initially bundled Chai...

9CVSS9.2AI score0.52458EPSS
CVE
CVE
added 2022/01/18 3:25 p.m.732 views

CVE-2022-23305

CVE-2022-23305 concerns Apache Log4j 1.x when configured with JDBCAppender: an SQL statement is built from a PatternLayout-converted value (notably %m), allowing an attacker to craft input to alter and potentially execute SQL. The issue is specific to Log4j 1.x if JDBCAppender is used; JDBCAppend...

9.8CVSS9.4AI score0.66537EPSS
Web
CVE
CVE
added 2020/10/30 11:10 a.m.195 views

CVE-2020-7760

This CVE-2020-7760 affects CodeMirror prior to 5.58.2 (and org.apache.marmotta.webjars:codemirror) with a ReDOs vulnerability in a JavaScript mode regex (sub-pattern (s|/. ?/) ). IBM’s bulletin confirms the same issue and notes watsonx.data is affected (version 2.2.1) and that remediation is to u...

7.5CVSS6.1AI score0.05197EPSS
CVE
CVE
added 2019/10/16 5:40 p.m.59 views

CVE-2019-2927

CVE-2019-2927 concerns Oracle Hyperion Data Relationship Management (component: Access and Security). Affected product/version: Hyperion DRM 11.1.2.4. The issue is exploitable over HTTP with network access by a high-privilege attacker; user interaction is required for successful exploitation and ...

6.4CVSS6.1AI score0.01067EPSS
CVE
CVE
added 2018/01/18 2:0 a.m.54 views

CVE-2018-2610

CVE-2018-2610 affects Oracle Hyperion Data Relationship Management, subcomponent Access and security , specifically the affected product/version: Hyperion Data Relationship Management 11.1.2.4.330. The vulnerability description states an unauthenticated attacker with network access over HTTP can ...

5.3CVSS4.9AI score0.01498EPSS
CVE
CVE
added 2025/01/21 8:53 p.m.54 views

CVE-2025-21569

CVE-2025-21569 affects Oracle Hyperion Data Relationship Management 11.2.19.0.000 (Web Services). The vulnerability exists in the Web Services component and can allow a high-privileged attacker with network access via HTTP to compromise the system, potentially taking over the application. The CVS...

6.6CVSS5.8AI score0.00473EPSS
CVE
CVE
added 2018/07/18 1:0 p.m.51 views

CVE-2018-2915

CVE-2018-2915 affects Oracle Hyperion Data Relationship Management (DRM), specifically the Access and security subcomponent in version 11.1.2.4.330. The available descriptions consistently state a vulnerability that an unauthenticated attacker can exploit over HTTPS to read data from DRM, with th...

5.8CVSS5AI score0.02066EPSS
CVE
CVE
added 2025/01/21 8:53 p.m.50 views

CVE-2025-21568

CVE-2025-21568 affects Oracle Hyperion Data Relationship Management, component Access and Security , version 11.2.19.0.000. A high-privilege attacker with network access via HTTP can compromise the system; exploitation requires user interaction. Impact is unauthorized access to critical data or f...

4.5CVSS3.7AI score0.00423EPSS
CVE
CVE
added 2018/10/17 1:0 a.m.41 views

CVE-2018-3208

Summary: CVE-2018-3208 affects the Oracle Hyperion Data Relationship Management component, specifically the Access and Security subcomponent, in version 11.1.2.4.345. The vulnerability is exploitable by a low-privilege attacker who has network access via HTTP, potentially leading to unauthorized ...

7.7CVSS7.3AI score0.02006EPSS