Hyperion Infrastructure Technology@* Security Vulnerabilities and Issues — Hyperion Infrastructure Technology@* CVE List

Lucene search

OracleHyperion Infrastructure Technology*

10 matches found

CVE•added 2021/12/14 12:15 p.m.•1079 views

CVE-2021-4104

JMSAppender in Log4j 1.2 is vulnerable to deserialization of untrusted data when the attacker has write access to the Log4j configuration. The attacker can provide TopicBindingName and TopicConnectionFactoryBindingName configurations causing JMSAppender to perform JNDI requests that result in remot...

7.5CVSS9.4AI score0.94358EPSS

CVE•added 2021/12/18 12:15 p.m.•979 views

CVE-2021-45105

Apache Log4j2 versions 2.0-alpha1 through 2.16.0 (excluding 2.12.3 and 2.3.1) did not protect from uncontrolled recursion from self-referential lookups. This allows an attacker with control over Thread Context Map data to cause a denial of service when a crafted string is interpreted. This issue wa...

5.9CVSS7.7AI score0.66522EPSS

CVE•added 2022/01/18 4:15 p.m.•699 views

CVE-2022-23302

JMSSink in all versions of Log4j 1.x is vulnerable to deserialization of untrusted data when the attacker has write access to the Log4j configuration or if the configuration references an LDAP service the attacker has access to. The attacker can provide a TopicConnectionFactoryBindingName configura...

8.8CVSS9.3AI score0.72202EPSS

CVE•added 2022/01/18 4:15 p.m.•619 views

CVE-2022-23307

CVE-2020-9493 identified a deserialization issue that was present in Apache Chainsaw. Prior to Chainsaw V2.0 Chainsaw was a component of Apache Log4j 1.2.x where the same issue exists.

9CVSS9.2AI score0.00752EPSS

CVE•added 2022/01/18 4:15 p.m.•589 views

CVE-2022-23305

By design, the JDBCAppender in Log4j 1.2.x accepts an SQL statement as a configuration parameter where the values to be inserted are converters from PatternLayout. The message converter, %m, is likely to always be included. This allows attackers to manipulate the SQL by entering crafted strings int...

9.8CVSS9.4AI score0.14404EPSS

CVE•added 2021/03/19 4:15 p.m.•158 views

CVE-2021-27906

A carefully crafted PDF file can trigger an OutOfMemory-Exception while loading the file. This issue affects Apache PDFBox version 2.0.22 and prior 2.0.x versions.

5.5CVSS5.6AI score0.00331EPSS

CVE•added 2021/03/19 4:15 p.m.•153 views

CVE-2021-27807

A carefully crafted PDF file can trigger an infinite loop while loading the file. This issue affects Apache PDFBox version 2.0.22 and prior 2.0.x versions.

5.5CVSS5.6AI score0.00331EPSS

CVE•added 2021/07/21 3:16 p.m.•50 views

CVE-2021-2445

Vulnerability in the Hyperion Infrastructure Technology product of Oracle Hyperion (component: Lifecycle Management). The supported version that is affected is 11.2.5.0. Difficult to exploit vulnerability allows high privileged attacker with network access via HTTP to compromise Hyperion Infrastruc...

5.7CVSS5.4AI score0.01321EPSS

CVE•added 2021/07/21 3:15 p.m.•47 views

CVE-2021-2347

Vulnerability in the Hyperion Infrastructure Technology product of Oracle Hyperion (component: Lifecycle Management). The supported version that is affected is 11.2.5.0. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Hyperion Infrastructu...

5.2CVSS5.4AI score0.00553EPSS

CVE•added 2020/10/21 3:15 p.m.•28 views

CVE-2020-14854

Vulnerability in the Hyperion Infrastructure Technology product of Oracle Hyperion (component: UI and Visualization). The supported version that is affected is 11.1.2.4. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Hyperion Infrastructu...

7.9CVSS6.1AI score0.00689EPSS