Oracle Hyperion Financial Reporting Workspace Component Vulnerability Allowing Unauthorized Data Access and Modification

A vulnerability has been identified in the Oracle Hyperion Financial Reporting product, specifically in the Workspace component, version 11.2.20.0.000. This easily exploitable vulnerability allows a low-privileged attacker with network access via HTTP to compromise Oracle Hyperion Financial Reporting. Successful exploitation requires human interaction from a third party. While the vulnerability resides in Oracle Hyperion Financial Reporting, it may also significantly impact additional products, leading to a scope change. Exploitation of this vulnerability could result in unauthorized read access to certain subsets of accessible data, as well as unauthorized update, insert, or delete access to other accessible data within Oracle Hyperion Financial Reporting.

Impact

Exploitation of this vulnerability could lead to unauthorized read access to some Oracle Hyperion Financial Reporting data, as well as unauthorized modification of accessible data, allowing for unauthorized updates, inserts, or deletions.