CVE-2020-14560 : What You Need to Know

Learn about CVE-2020-14560, a vulnerability in Oracle Hyperion BI+ version 11.1.2.4 allowing high privileged attackers to compromise the system via HTTP. Find out the impact and mitigation steps.

The Oracle Hyperion BI+ product of Oracle Hyperion (component: UI and Visualization) has a vulnerability in version 11.1.2.4 that allows a high privileged attacker to compromise the system via HTTP. Successful attacks can lead to unauthorized data access.

Understanding CVE-2020-14560

This CVE involves a vulnerability in Oracle Hyperion BI+ that can be exploited by a high privileged attacker with network access.

What is CVE-2020-14560?

The vulnerability in Oracle Hyperion BI+ (UI and Visualization component) version 11.1.2.4 allows a high privileged attacker with network access via HTTP to compromise the system. Successful exploitation can result in unauthorized access to critical data.

The Impact of CVE-2020-14560

        CVSS 3.1 Base Score: 4.2 (Confidentiality impacts)
        Successful attacks require human interaction from a person other than the attacker
        Unauthorized access to critical data or complete access to all Oracle Hyperion BI+ accessible data

Technical Details of CVE-2020-14560

This section provides technical details of the vulnerability.

Vulnerability Description

The vulnerability allows a high privileged attacker with network access via HTTP to compromise Oracle Hyperion BI+.

Affected Systems and Versions

        Affected Version: 11.1.2.4

Exploitation Mechanism

        Attack Complexity: High
        Attack Vector: Network
        Privileges Required: High
        User Interaction: Required

Mitigation and Prevention

Protect your system from CVE-2020-14560 with the following steps:

Immediate Steps to Take

        Monitor Oracle's security alerts for updates
        Implement network security measures

Long-Term Security Practices

        Regularly update and patch Oracle Hyperion BI+
        Train users on security best practices

Patching and Updates

Stay informed about security patches and updates from Oracle to mitigate the vulnerability.
