CVE-2017-10310
Summary
| CVE | CVE-2017-10310 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2017-10-19 17:29:00 UTC |
| Updated | 2017-10-24 17:00:00 UTC |
| Description | Vulnerability in the Oracle Hyperion Financial Reporting component of Oracle Hyperion (subcomponent: Security Models). The supported version that is affected is 11.1.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Hyperion Financial Reporting. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Hyperion Financial Reporting accessible data. CVSS 3.0 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N). |
Risk And Classification
Problem Types: CWE-200
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Oracle | Hyperion Financial Reporting | 11.1.2 | All | All | All |
| Application | Oracle | Hyperion Financial Reporting | 11.1.2 | All | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| Oracle Hyperion Financial Reporting CVE-2017-10310 Remote Security Vulnerability | BID | www.securityfocus.com | Third Party Advisory, VDB Entry |
| Oracle Hyperion Flaws Let Remote Users Access and Partially Modify Data on the Target System - SecurityTracker | SECTRACK | www.securitytracker.com | Third Party Advisory, VDB Entry |
| Oracle Critical Patch Update - October 2017 | CONFIRM | www.oracle.com | Patch, Vendor Advisory |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.