CVE-2018-2733

MEDIUM

Description

Vulnerability in the Oracle Hyperion Planning component of Oracle Hyperion (subcomponent: Security). The supported version that is affected is 11.1.2.4.007. Difficult to exploit vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle Hyperion Planning. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Hyperion Planning, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle Hyperion Planning. CVSS 3.0 Base Score 7.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:H).

References

http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html

http://www.securityfocus.com/bid/102634

http://www.securitytracker.com/id/1040206

Details

Source: MITRE

Published: 2018-01-18

Updated: 2019-10-03

Risk Information

CVSS v2.0

Base Score: 4.6

Vector: AV:N/AC:H/Au:S/C:P/I:P/A:P

Impact Score: 6.4

Exploitability Score: 3.9

Severity: MEDIUM

CVSS v3.0

Base Score: 7.6

Vector: CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:H

Impact Score: 6

Exploitability Score: 1

Severity: HIGH

Tenable Plugins

ID: 106349

Name: Oracle iPlanet Web Server 7.0.x < 7.0.27 NSS Unspecified Vulnerability (January 2018 CPU)

Product: Nessus

Family: Web Servers

Severity: critical