CVE-2020-14770

LOW

Oracle Hyperion BI+ 11.1.2.4 - Info Disclosure

Title source: llm
STIX 2.1

Description

Vulnerability in the Hyperion BI+ product of Oracle Hyperion (component: IQR-Foundation service). The supported version that is affected is 11.1.2.4. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise Hyperion BI+. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Hyperion BI+ accessible data. CVSS 3.1 Base Score 2.0 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:N/A:N).

References (1)

Core 1
Core References
Patch, Vendor Advisory x_refsource_misc
https://www.oracle.com/security-alerts/cpuoct2020.html

Scores

CVSS v3 2.0
EPSS 0.0082
EPSS Percentile 53.0%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:N/A:N

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact partial

Details

Status published
Products (1)
oracle/hyperion_bi\+ 11.1.2.4
Published Oct 21, 2020
Tracked Since Feb 18, 2026