Cybersecurity specialists report the detection of four vulnerabilities, one of them critical, in Hyperion Infrastructure Technology, the infrastructure component of Oracle Hyperion, Oracle's centralized suite for financial and operational planning in enterprise environments. According to the report, successful exploitation of these flaws would allow threat actors to access sensitive information, tamper with data held by the system and, in the worst case, execute arbitrary code on the affected server.

Below are brief descriptions of the reported vulnerabilities, together with their CVE identifiers and the scores assigned to them under the Common Vulnerability Scoring System (CVSS).

CVE-2019-2729: Insufficient validation of attacker-supplied XML that is deserialized with the java.beans.XMLDecoder class allows an unauthenticated remote attacker to send a specially crafted document to the affected application and execute arbitrary code on the server.

This is a critical flaw and received a CVSS score of 9.4/10. It is important to mention that this vulnerability has already been exploited in the wild to fully compromise affected systems, so it should be treated as the priority item on this list.
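The mechanism behind this entry is simple to reproduce: XMLDecoder instantiates whatever class the XML document names and invokes whatever methods it lists, so feeding it untrusted input is arbitrary object construction by design. The Java program below is an added example written for this article; it is not Oracle's code and not the vulnerable Hyperion/WebLogic component. It shows the vulnerable pattern (untrusted bytes straight into XMLDecoder) next to a deny-by-default pre-check that only lets a fixed set of element names, classes and methods through. The allowlists, the class name XmlDecoderDemo and the constructed sample document are assumptions for illustration; the code targets Java 11 or later. Allowlisting rather than filtering known-bad names is deliberate: the earlier WebLogic fix for the same XMLDecoder issue relied on blocking specific element names and was bypassed, which is what CVE-2019-2729 records.

```java
import java.beans.XMLDecoder;
import java.io.ByteArrayInputStream;
import java.nio.charset.StandardCharsets;
import java.util.Set;
import javax.xml.XMLConstants;
import javax.xml.parsers.DocumentBuilderFactory;
import org.w3c.dom.Document;
import org.w3c.dom.Element;
import org.w3c.dom.Node;
import org.w3c.dom.NodeList;

public class XmlDecoderDemo {

    // Constructed sample input in the java.beans XML format. Everything in it,
    // including the class named in the "class" attribute, is chosen by the sender.
    static final String UNTRUSTED_XML =
          "<?xml version=\"1.0\" encoding=\"UTF-8\"?>\n"
        + "<java version=\"1.8.0\" class=\"java.beans.XMLDecoder\">\n"
        + "  <object class=\"java.util.ArrayList\">\n"
        + "    <void method=\"add\"><string>value chosen by the sender</string></void>\n"
        + "  </object>\n"
        + "</java>\n";

    // Vulnerable pattern: untrusted bytes go straight into XMLDecoder, which
    // loads whatever class the document names and calls the methods it lists.
    static Object decodeUnchecked(String xml) {
        try (XMLDecoder dec = new XMLDecoder(
                new ByteArrayInputStream(xml.getBytes(StandardCharsets.UTF_8)))) {
            return dec.readObject();
        }
    }

    // Hardened pattern: deny by default. Hypothetical allowlists for a service
    // that only ever expects a list or map of strings; adjust to the real schema.
    static final Set<String> ALLOWED_ELEMENTS =
        Set.of("java", "object", "void", "string", "int", "boolean");
    static final Set<String> ALLOWED_CLASSES =
        Set.of("java.beans.XMLDecoder", "java.util.ArrayList", "java.util.HashMap");
    static final Set<String> ALLOWED_METHODS = Set.of("add", "put");

    // Parse with an XXE-hardened DOM parser first and walk every element. Any
    // element name, class name, method name or reflective attribute outside the
    // allowlists rejects the whole document before XMLDecoder ever sees it.
    static boolean isAllowedBeanXml(String xml) throws Exception {
        DocumentBuilderFactory f = DocumentBuilderFactory.newInstance();
        f.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true);
        f.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
        f.setXIncludeAware(false);
        f.setExpandEntityReferences(false);
        Document doc = f.newDocumentBuilder()
            .parse(new ByteArrayInputStream(xml.getBytes(StandardCharsets.UTF_8)));
        return checkElement(doc.getDocumentElement());
    }

    private static boolean checkElement(Element e) {
        if (!ALLOWED_ELEMENTS.contains(e.getTagName())) return false;
        if (e.hasAttribute("class") && !ALLOWED_CLASSES.contains(e.getAttribute("class"))) return false;
        if (e.hasAttribute("method") && !ALLOWED_METHODS.contains(e.getAttribute("method"))) return false;
        // property/field/index/idref let a document reach members reflectively; not needed here.
        for (String a : new String[] {"property", "field", "index", "idref"}) {
            if (e.hasAttribute(a)) return false;
        }
        NodeList kids = e.getChildNodes();
        for (int i = 0; i < kids.getLength(); i++) {
            Node n = kids.item(i);
            if (n.getNodeType() == Node.ELEMENT_NODE && !checkElement((Element) n)) return false;
        }
        return true;
    }

    static Object decodeChecked(String xml) throws Exception {
        if (!isAllowedBeanXml(xml)) {
            throw new SecurityException("bean XML uses an element, class or method outside the allowlist");
        }
        return decodeUnchecked(xml);
    }

    public static void main(String[] args) throws Exception {
        // Benign document: both paths produce an ArrayList holding one string.
        System.out.println("unchecked: " + decodeUnchecked(UNTRUSTED_XML));
        System.out.println("checked:   " + decodeChecked(UNTRUSTED_XML));

        // Same document with a different class name: the unchecked path
        // instantiates whatever the sender asked for; the checked path refuses.
        String other = UNTRUSTED_XML.replace("java.util.ArrayList", "java.util.LinkedList");
        System.out.println("unchecked: " + decodeUnchecked(other).getClass().getName());
        try {
            decodeChecked(other);
        } catch (SecurityException ex) {
            System.out.println("checked:   rejected (" + ex.getMessage() + ")");
        }
    }
}
```

Compile and run with `javac XmlDecoderDemo.java && java XmlDecoderDemo`. The pre-check is a containment measure for code that cannot drop XMLDecoder outright; the correct fix for a deployed Hyperion or WebLogic instance is Oracle's patch, and the correct design for new code is to parse untrusted XML into plain data objects with a schema-validated parser and never hand it to a deserializer that can name classes.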

CVE-2021-2347: Improper input validation in the Hyperion Lifecycle Management component would allow a remote attacker who already holds high privileges to modify data held by the system.

This is a flaw of medium severity and received a CVSS score of 4.5/10.

CVE-2021-2445: A second improper input validation flaw in the Lifecycle Management component would likewise allow a remote attacker with high privileges to modify data in the system.

This flaw, also of medium severity, received a CVSS score of 5/10.

CVE-2017-14735: Insufficient sanitization of user-supplied input allows a remote attacker to trick a victim into opening a specially crafted link that injects HTML and script, which then run in the victim's browser in the context of the vulnerable site.

The flaw received a CVSS score of 5.3/10. Its successful exploitation enables cross-site scripting (XSS) attacks, which in turn can be used to perform actions within the victim's authenticated session.

All of these flaws affect Hyperion Infrastructure Technology versions 11.1.2.4 and 11.2.5.0.

As noted above, at least one of these vulnerabilities has already been exploited by remote attackers over the Internet, and the remaining ones are reachable remotely as well, so it is imperative that administrators of affected deployments upgrade to a patched version as soon as possible.

Oracle has already issued security patches for these vulnerabilities through its official channels; until they are applied, restricting network exposure of the Hyperion web tier to trusted networks is a reasonable stopgap, not a substitute. To learn more about information security risks, malware variants, vulnerabilities and information technologies, feel free to access the International Institute of Cyber Security (IICS) websites.

The post 4 serious vulnerabilities in Hyperion Infrastructure Technology appeared first on Information Security Newspaper | Hacking News.
