CVE-2020-14767

MEDIUM

Oracle Hyperion BI+ 11.1.2.4 - Info Disclosure

Title source: llm
STIX 2.1

Description

Vulnerability in the Hyperion BI+ product of Oracle Hyperion (component: IQR-Foundation service). The supported version that is affected is 11.1.2.4. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise Hyperion BI+. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Hyperion BI+ accessible data. CVSS 3.1 Base Score 4.2 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:N/A:N).

References (1)

Core 1
Core References

Scores

CVSS v3 4.2
EPSS 0.0102
EPSS Percentile 59.4%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:N/A:N

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact partial

Details

Status published
Products (1)
oracle/hyperion_bi\+ 11.1.2.4
Published Oct 21, 2020
Tracked Since Feb 18, 2026