Oracle Hyperion Financial Reporting — known CVE vulnerabilities
Every CVE whose affected-product data names Oracle Hyperion Financial Reporting, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (13)
CVE-2016-3493 — CVSS 9.8 (critical): Unspecified vulnerability in the Hyperion Financial Reporting component in Oracle Hyperion 11.1.2.4 allows remote attackers to affect…
CVE-2019-0228 — CVSS 9.8 (critical): Apache PDFBox 2.0.14 does not properly initialize the XML parser, which allows context-dependent attackers to conduct XML External Entity…
CVE-2018-2907 — CVSS 8.6 (high): Vulnerability in the Hyperion Financial Reporting component of Oracle Hyperion (subcomponent: Security Models). The supported version that…
CVE-2019-17566 — CVSS 7.5 (high): Apache Batik is vulnerable to server-side request forgery, caused by improper input validation by the "xlink:href" attributes. By using a…
CVE-2017-10310 — CVSS 7.5 (high): Vulnerability in the Oracle Hyperion Financial Reporting component of Oracle Hyperion (subcomponent: Security Models). The supported…
CVE-2017-10358 — CVSS 6.4 (medium): Vulnerability in the Oracle Hyperion Financial Reporting component of Oracle Hyperion (subcomponent: Workspace). The supported version that…
CVE-2021-35665 — CVSS 6.1 (medium): Vulnerability in the Hyperion Financial Reporting product of Oracle Hyperion (component: Repository). The supported version that is…
CVE-2021-27807 — CVSS 5.5 (medium): A carefully crafted PDF file can trigger an infinite loop while loading the file. This issue affects Apache PDFBox version 2.0.22 and prior…
CVE-2021-27906 — CVSS 5.5 (medium): A carefully crafted PDF file can trigger an OutOfMemory-Exception while loading the file. This issue affects Apache PDFBox version 2.0.22…
CVE-2025-50108 — CVSS 5.4 (medium): Vulnerability in the Oracle Hyperion Financial Reporting product of Oracle Hyperion (component: Workspace). The supported version that is…
CVE-2019-2959 — CVSS 4.2 (medium): Vulnerability in the Hyperion Financial Reporting product of Oracle Hyperion (component: Security Models). The supported version that is…
CVE-2020-2769 — CVSS 2.4 (low): Vulnerability in the Hyperion Financial Reporting product of Oracle Hyperion (component: Web Based Report Designer). The supported version…