Oracle’s quarterly Critical Patch Update came out last week on April 14, 2015. There were two Hyperion products listed this quarter that require patches to fix the security vulnerabilities: Hyperion BI+ (Reporting and Analysis) and Smart View.
There are patches available for Hyperion BI+ in the 188.8.131.52.x and 184.108.40.206.x code lines, which is consistent with Oracle’s Lifetime Support policy. The patch for the 220.127.116.11.x code line is the 18.104.22.168.506 Patch Set Update (PSU) for the Reporting and Analysis Framework (patch number 20029854). The patch for the 22.214.171.124.x code line is the 126.96.36.199.500 PSU for the RA Framework (patch number 18659116). Interesting enough, is that the 188.8.131.52.500 PSU has been available for 9+ months and fixes the vulnerabilities just uncovered this quarter. Hopefully if you are on 184.108.40.206.x, you have already patched to 220.127.116.11.500 for BI+.
The Smart View vulnerability is patched in Smart View 18.104.22.168.400 (patch number 20327649). This goes along with the theory that you should keep up with the Smart View releases. We need to get in the habit of thinking of Smart View like the apps on an iPhone; they often update automatically and you always have the most recent version. Why? By keeping up with the technology, you get the latest bug fixes and security updates as well as any new features.