How severe is CVE-2019-2861?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 4.2 out of 10.

What type of vulnerability is CVE-2019-2861?

This is classified as CWE-611, which is a common weakness in software security.

CVE-2019-2861 - MEDIUM Severity | CVSS 4.2

Vulnerability Description

Vulnerability in the Oracle Hyperion Planning component of Oracle Hyperion (subcomponent: Security). The supported version that is affected is 11.1.2.4. Difficult to exploit vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle Hyperion Planning. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Hyperion Planning accessible data. CVSS 3.0 Base Score 4.2 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:N/I:H/A:N).

Related Vulnerabilities

CVE-2015-3160

MEDIUM

CVSS:4.3(Medium)

XML external entity (XXE) vulnerability in bkr/server/jobs.py in Beaker before 20.1 allows remote authenticated users to obtain sensitive information via submitting job XML to the server containing en...

CWE-6112015

CVE-2016-0268

MEDIUM

CVSS:4.3(Medium)

XML external entity (XXE) vulnerability in IBM Financial Transaction Manager (FTM) for ACH Services for Multi-Platform 2.1.1.2 and 3.0.0.x before fp0013, Financial Transaction Manager (FTM) for Check ...

CWE-6112016

CVE-2017-10889

MEDIUM

CVSS:4.3(Medium)

TablePress prior to version 1.8.1 allows an attacker to conduct XML External Entity (XXE) attacks via unspecified vectors.

CWE-6112017

CVE-2017-3839

MEDIUM

CVSS:4.3(Medium)

An XML External Entity vulnerability in the web-based user interface of the Cisco Secure Access Control System (ACS) could allow an unauthenticated, remote attacker to have read access to part of the ...

CWE-6112017

CVE-2018-6225

MEDIUM

CVSS:4.3(Medium)

An XML external entity injection (XXE) vulnerability in Trend Micro Email Encryption Gateway 5.5 could allow an authenticated user to expose a normally protected configuration script.

CWE-6112018

CVE-2020-26247

MEDIUM

CVSS:4.3(Medium)

Nokogiri is a Rubygem providing HTML, XML, SAX, and Reader parsers with XPath and CSS selector support. In Nokogiri before version 1.11.0.rc4 there is an XXE vulnerability. XML Schemas parsed by Nokog...

CWE-6112020