CVE-2019-2861

EPSS 4.3%

Vexday Risk Score

23Bajo

Decisión SSVC (CISA)

Attend

PoC disponible → seguir de cerca

CVSS —EPSS 4.3%KEV nãoPoC públicaNuclei —Metasploit —Patch —

Ciclo de vida

23 jul 2019Publicada en NVD

31 jul 2019PoC pública

Recomendación: Planificar corrección próxima — ya existe PoC pública.

Vulnerability in the Oracle Hyperion Planning component of Oracle Hyperion (subcomponent: Security). The supported version that is affected is 11.1.2.4. Difficult to exploit vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle Hyperion Planning. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Hyperion Planning accessible data. CVSS 3.0 Base Score 4.2 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:N/I:H/A:N).

Productos afectados

Oracle Corporation · Hyperion Planning

PoCs públicas encontradas — 2

cve_referencepacketstormsecurity.com/files/153841/Oracle-Hyperion-Planning-11.1.2.3-XML-Injection.htmlno verificado exploitdbwww.exploit-db.com/exploits/47196no verificado

⚠ Recursos públicos, para evaluar la exposición de sistemas que controlas o estás autorizado a probar. Prueba solo con autorización.

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →

Referencias

http://packetstormsecurity.com/files/153841/Oracle-Hyperion-Planning-11.1.2.3-XML-Injection.html http://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html