Oracle’s quarterly Critical Patch Update came out last week on April 14, 2015. There were two Hyperion products listed this quarter that require patches to fix the security vulnerabilities: Hyperion BI+ (Reporting and Analysis) and Smart View.
There are patches available for Hyperion BI+ in the 184.108.40.206.x and 220.127.116.11.x code lines, which is consistent with Oracle’s Lifetime Support policy. The patch for the 18.104.22.168.x code line is the 22.214.171.124.506 Patch Set Update (PSU) for the Reporting and Analysis Framework (patch number 20029854). The patch for the 126.96.36.199.x code line is the 188.8.131.52.500 PSU for the RA Framework (patch number 18659116). Interesting enough, is that the 184.108.40.206.500 PSU has been available for 9+ months and fixes the vulnerabilities just uncovered this quarter. Hopefully if you are on 220.127.116.11.x, you have already patched to 18.104.22.168.500 for BI+.
The Smart View vulnerability is patched in Smart View 22.214.171.124.400 (patch number 20327649). This goes along with the theory that you should keep up with the Smart View releases. We need to get in the habit of thinking of Smart View like the apps on an iPhone; they often update automatically and you always have the most recent version. Why? By keeping up with the technology, you get the latest bug fixes and security updates as well as any new features.