Oracle Hyperion Planning and Budgeting Cloud Service EPM Agent Vulnerability Allowing Unauthorized Data Access
Vulnerability
A vulnerability exists in the Oracle Planning and Budgeting Cloud Service component of Oracle Hyperion, specifically in version 25.04.07. This easily exploitable vulnerability allows a high-privileged attacker with access to the infrastructure where the service runs to compromise it. Successful exploitation, which requires human interaction from someone other than the attacker, can lead to unauthorized access to critical data or complete access to all data available in Oracle Planning and Budgeting Cloud Service. Users are advised to update the EPM Agent. More information can be found in the Oracle documentation on downloading the EPM Agent.
Impact
Exploitation of this vulnerability could result in unauthorized access to critical data or complete access to all data in Oracle Planning and Budgeting Cloud Service.
Remediation
Users should update the EPM Agent. Instructions for downloading the EPM Agent are available in the Oracle documentation.
Vulnerability Rating
Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.