CVE-2025-21569

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2025-21569
Vulnerability in the Oracle Hyperion Data Relationship Management product of Oracle Hyperion (component: Web Services). The supported version that is affected is 11.2.19.0.000. Difficult to exploit vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle Hyperion Data Relationship Management. Successful attacks of this vulnerability can result in takeover of Oracle Hyperion Data Relationship Management. CVSS 3.1 Base Score 6.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H).

6.6 /10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 0.7 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity HIGH

Privileges Required HIGH

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References
Link Resource
https://www.oracle.com/security-alerts/cpujan2025.html
Configurations

No configuration.

History

04 Feb 2025, 17:15

Type Values Removed Values Added
Summary
  • (es) Vulnerabilidad en el producto Oracle Hyperion Data Relationship Management de Oracle Hyperion (componente: Web Services). La versión compatible afectada es la 11.2.19.0.000. Esta vulnerabilidad, difícil de explotar, permite que un atacante con privilegios elevados y acceso a la red a través de HTTP ponga en peligro Oracle Hyperion Data Relationship Management. Los ataques exitosos de esta vulnerabilidad pueden provocar la toma de control de Oracle Hyperion Data Relationship Management. Puntuación base CVSS 3.1 6.6 (impactos en la confidencialidad, integridad y disponibilidad). Vector CVSS: (CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H).
CWE CWE-863

21 Jan 2025, 21:15

Type Values Removed Values Added
New CVE
Information

Published : 2025-01-21 21:15

Updated : 2025-02-04 17:15

NVD link : CVE-2025-21569

Mitre link : CVE-2025-21569

CVE.ORG link : CVE-2025-21569

JSON object : View

Products Affected

No product.

CWE
CWE-863

Incorrect Authorization