CVE-2025-21568

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2025-21568
Vulnerability in the Oracle Hyperion Data Relationship Management product of Oracle Hyperion (component: Access and Security). The supported version that is affected is 11.2.19.0.000. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle Hyperion Data Relationship Management. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Hyperion Data Relationship Management accessible data. CVSS 3.1 Base Score 4.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:N/A:N).

4.5 /10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 0.9 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required HIGH

User Interaction REQUIRED

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

References
Link Resource
https://www.oracle.com/security-alerts/cpujan2025.html
Configurations

No configuration.

History

04 Feb 2025, 17:15

Type Values Removed Values Added
Summary
  • (es) Vulnerabilidad en el producto Oracle Hyperion Data Relationship Management de Oracle Hyperion (componente: Access and Security). La versión compatible afectada es la 11.2.19.0.000. Esta vulnerabilidad, que se puede explotar fácilmente, permite que un atacante con privilegios elevados y acceso a la red a través de HTTP ponga en peligro Oracle Hyperion Data Relationship Management. Los ataques exitosos requieren la interacción humana de una persona distinta del atacante. Los ataques exitosos de esta vulnerabilidad pueden dar como resultado el acceso no autorizado a datos críticos o el acceso completo a todos los datos accesibles de Oracle Hyperion Data Relationship Management. Puntuación base de CVSS 3.1: 4,5 (impactos de confidencialidad). Vector CVSS: (CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:N/A:N).
CWE CWE-863

21 Jan 2025, 21:15

Type Values Removed Values Added
New CVE
Information

Published : 2025-01-21 21:15

Updated : 2025-02-04 17:15

NVD link : CVE-2025-21568

Mitre link : CVE-2025-21568

CVE.ORG link : CVE-2025-21568

JSON object : View

Products Affected

No product.

CWE
CWE-863

Incorrect Authorization