Aerosol Posted February 5, 2015 Report Share Posted February 5, 2015 Oracle has issued a patch to fix several bugs in its Hyperion Product Management financial consolidation and reporting application that could be remotely exploited by hackers.Oracle's Proactive Support team announced the fixes, confirming that they address a number of flaws in the Hyperion Planning 11.1.2.2.x part of the application.The company does not offer firm details about the patch to non-registered customers, and had not responded to V3's request for further details at the time of publishing.However, TK Keanini, chief technology officer at Lancope, told V3 that the user base and nature of data handled within Hyperion means customers should be concerned by the flaw."If you are running this software, it contains up-to-date business intelligence that you must keep secure. So if you are running this software it is incredibly important to keep it up to date and patched," he said. ?"Ask yourself this: if the information in your Hyperion system was compromised and posted to the internet for all to see, would you be OK with that? ?"The problem most companies face is that they sometimes don't know what is running on their network and this is problem number one that must be solved."Keanini explained that companies should patch the remote access vulnerabilities as soon as possible, but added that he has yet to see any evidence of the flaws being actively exploited by hackers."This is not just one vulnerability but several. The CVEs that have remote access are the most important to fix first," he said. ?"I have not [seen the flaws being exploited] but when data is published to the internet, it is not like attackers take the time to show their timeline and the provenance of the data. ?"This is always interesting data but also a dangerous indicator because it is a lagging indicator at best."The Hyperion patch is one of many critical fixes issued by Oracle this year. The firm released a critical update in January addressing 167 vulnerabilities across hundreds of its products, including Java.Source Quote Link to comment Share on other sites More sharing options...
