Oracle Hyperion Financial Reporting 11.1.2.4
Approved changes feed: RSS · Atom
cpe:2.3:a:oracle:hyperion_financial_reporting:11.1.2.4:*:*:*:*:*:*:*
part: a version: 11.1.2.4 update: *
| Vendor | Oracle (3509f9eb-d8a0-57da-b153-b8021021b133) |
|---|---|
| Product | Hyperion Financial Reporting (39eb8e6e-3e99-5965-ad9c-f1e5e6043412) |
| Edition | * |
| Language | * |
| Software edition | * |
| Target software | * |
| Target hardware | * |
| Other | * |
| Notes | Imported from NVD CPE 2.0 feed |
PURL mappings
| PURL | Source | Last updated |
|---|---|---|
| No PURL mappings for this CPE yet. | ||
Vulnerability references
| Identifier | cpeApplicability | Submitted | db.gcve.eu details | Rationale |
|---|---|---|---|---|
CVE:CVE-2021-27906 |
vulnerable | 2026-06-03 14:44:17.032922 |
A carefully crafted PDF file can trigger an OutOfMemory-Exception while loading the file
A carefully crafted PDF file can trigger an OutOfMemory-Exception while loading the file. This issue affects Apache PDFBox version 2.0.22 and prior 2.0.x versions.
Published: 2021-03-19T16:05:21.000Z
Updated: 2025-02-13T16:27:57.655Z Reference links
|
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2021-27807 |
vulnerable | 2026-06-03 14:44:16.642500 |
A carefully crafted PDF file can trigger an infinite loop while loading the file
A carefully crafted PDF file can trigger an infinite loop while loading the file. This issue affects Apache PDFBox version 2.0.22 and prior 2.0.x versions.
Published: 2021-03-19T16:05:20.000Z
Updated: 2025-02-13T16:27:57.032Z Reference links
|
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2020-2769 |
vulnerable | 2026-06-03 14:42:31.097565 |
Details available
LOW (2.4)
Vulnerability in the Hyperion Financial Reporting product of Oracle Hyperion (component: Web Based Report Designer). The supported version that is affected is 11.1.2.4. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Hyperion Financial Reporting. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Hyperion Financial Reporting accessible data. CVSS 3.0 Base Score 2.4 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:N/A:N).
Published: 2020-04-15T13:29:45.000Z
Updated: 2024-09-30T15:39:48.241Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2020-11023 |
vulnerable | 2026-06-03 14:41:00.962707 |
Potential XSS vulnerability in jQuery
MEDIUM (6.9)
In jQuery versions greater than or equal to 1.0.3 and before 3.5.0, passing HTML containing <option> elements from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery 3.5.0.
Published: 2020-04-29T00:00:00.000Z
Updated: 2025-10-21T23:35:45.230Z Reference links
|
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2019-2959 |
vulnerable | 2026-06-03 14:40:26.256976 |
Details available
Vulnerability in the Hyperion Financial Reporting product of Oracle Hyperion (component: Security Models). The supported version that is affected is 11.1.2.4. Difficult to exploit vulnerability allows high privileged attacker with network access via HTTP to compromise Hyperion Financial Reporting. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Hyperion Financial Reporting accessible data. CVSS 3.0 Base Score 4.2 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:N/I:H/A:N).
Published: 2019-10-16T17:40:56.000Z
Updated: 2024-10-01T16:28:21.258Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2019-17566 |
vulnerable | 2026-06-03 14:39:56.534566 |
Details available
Apache Batik is vulnerable to server-side request forgery, caused by improper input validation by the "xlink:href" attributes. By using a specially-crafted argument, an attacker could exploit this vulnerability to cause the underlying server to make arbitrary GET requests.
Published: 2020-11-12T00:00:00.000Z
Updated: 2024-08-05T01:40:15.834Z Reference links
|
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2019-0228 |
vulnerable | 2026-06-03 14:39:18.885318 |
Details available
Apache PDFBox 2.0.14 does not properly initialize the XML parser, which allows context-dependent attackers to conduct XML External Entity (XXE) attacks via a crafted XFDF.
Published: 2019-04-17T14:07:34.000Z
Updated: 2024-08-04T17:44:15.952Z Reference links
|
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2016-3493 |
vulnerable | 2026-06-03 14:35:46.117673 |
Details available
Unspecified vulnerability in the Hyperion Financial Reporting component in Oracle Hyperion 11.1.2.4 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to Security Models.
Published: 2016-07-21T10:00:00.000Z
Updated: 2024-10-11T20:53:43.138Z |
Imported from gcve-enriched-dumps CVE data |
Contribute
You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.