CVE-2014-4246

Unspecified vulnerability in the Hyperion Analytic Provider Services component in Oracle Hyperion 11.1.2.2 and 11.1.2.3 allows remote authenticated users to affect confidentiality via vectors related to SVP.

CVSS v2.0 3.5 LOW

3.5^/10

CVSS v2.0 : LOW

Vector : AV:N/AC:M/Au:S/C:P/I:N/A:N

Exploitability : 6.8 / Impact : 2.9

Access Vector NETWORK

Access Complexity MEDIUM

Authentication SINGLE

Confidentiality Impact PARTIAL

Integrity Impact NONE

Availability Impact NONE

References

Link	Resource
http://seclists.org/fulldisclosure/2014/Dec/23
http://secunia.com/advisories/59303
http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html	Vendor Advisory
http://www.securityfocus.com/archive/1/534161/100/0/threaded
http://www.securityfocus.com/bid/68586
http://www.securitytracker.com/id/1030579
http://www.vmware.com/security/advisories/VMSA-2014-0012.html
https://exchange.xforce.ibmcloud.com/vulnerabilities/94567

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:oracle:hyperion:11.1.2.2:::::::*
	cpe:2.3:a:oracle:hyperion:11.1.2.3:::::::*

History

No history.

Information

Published : 2014-07-17 11:17

Updated : 2018-10-09 19:48

NVD link : CVE-2014-4246

Mitre link : CVE-2014-4246

CVE.ORG link : CVE-2014-4246

JSON object : View

Products Affected

oracle

hyperion

CWE

NVD-CWE-noinfo

{"id": "CVE-2014-4246", "cveTags": [], "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 3.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:S/C:P/I:N/A:N", "authentication": "SINGLE", "integrityImpact": "NONE", "accessComplexity": "MEDIUM", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "LOW", "obtainAllPrivilege": false, "exploitabilityScore": 6.8, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2014-07-17T11:17:10.217", "references": [{"url": "http://seclists.org/fulldisclosure/2014/Dec/23", "source": "secalert_us@oracle.com"}, {"url": "http://secunia.com/advisories/59303", "source": "secalert_us@oracle.com"}, {"url": "http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html", "tags": ["Vendor Advisory"], "source": "secalert_us@oracle.com"}, {"url": "http://www.securityfocus.com/archive/1/534161/100/0/threaded", "source": "secalert_us@oracle.com"}, {"url": "http://www.securityfocus.com/bid/68586", "source": "secalert_us@oracle.com"}, {"url": "http://www.securitytracker.com/id/1030579", "source": "secalert_us@oracle.com"}, {"url": "http://www.vmware.com/security/advisories/VMSA-2014-0012.html", "source": "secalert_us@oracle.com"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/94567", "source": "secalert_us@oracle.com"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-noinfo"}]}], "descriptions": [{"lang": "en", "value": "Unspecified vulnerability in the Hyperion Analytic Provider Services component in Oracle Hyperion 11.1.2.2 and 11.1.2.3 allows remote authenticated users to affect confidentiality via vectors related to SVP."}, {"lang": "es", "value": "Vulnerabilidad no especificada en el componente Hyperion Analytic Provider Services en Oracle Hyperion 11.1.2.2 y 11.1.2.3 permite a usuarios remotos autenticados afectar la confidencialidad a trav\u00e9s de vectores relacionados con SVP."}], "lastModified": "2018-10-09T19:48:42.800", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:oracle:hyperion:11.1.2.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "74DA49AC-B255-470A-839D-210EA929AB96"}, {"criteria": "cpe:2.3:a:oracle:hyperion:11.1.2.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9D31D1BC-B017-4464-A0E3-84C2F20887C3"}], "operator": "OR"}]}], "sourceIdentifier": "secalert_us@oracle.com"}