Vulnerability Details : CVE-2013-3803
Unspecified vulnerability in the Hyperion BI+ component in Oracle Hyperion 11.1.1.3, 11.1.1.4.107 and earlier, 11.1.2.1.129 and earlier, and 11.1.2.2.305 and earlier allows remote authenticated users to affect confidentiality via unknown vectors related to Intelligence Service.
Products affected by CVE-2013-3803
- cpe:2.3:a:oracle:hyperion:*:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:hyperion:*:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:hyperion:*:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:hyperion:11.1.1.3:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2013-3803
20.37%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 95 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2013-3803
| Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
|---|---|---|---|---|---|---|
|
3.5
|
LOW | AV:N/AC:M/Au:S/C:P/I:N/A:N |
6.8
|
2.9
|
NIST |
References for CVE-2013-3803
-
http://www.securitytracker.com/id/1028794
Oracle Hyperion Intelligence Service Flaw Lets Remote Authenticated Users Partially Access Data - SecurityTrackerThird Party Advisory;VDB Entry
-
https://exchange.xforce.ibmcloud.com/vulnerabilities/85664
Oracle Hyperion BI Intelligence Service GetResource directory traversal CVE-2013-3803 Vulnerability ReportThird Party Advisory;VDB Entry
-
http://www.securityfocus.com/bid/61204
Oracle Hyperion CVE-2013-3803 Directory Traversal VulnerabilityThird Party Advisory;VDB Entry
-
http://www.oracle.com/technetwork/topics/security/cpujuly2013-1899826.html
Oracle Critical Patch Update - July 2013Vendor Advisory
Jump to