Vulnerability in the Oracle Hyperion Essbase Administration Services product of Oracle Essbase (component: EAS Administration and EAS Console). The supported version that is affected is 21.4.3.0.0. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle Hyperion Essbase Administration Services executes to compromise Oracle Hyperion Essbase Administration Services. While the vulnerability is in Oracle Hyperion Essbase Administration Services, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Hyperion Essbase Administration Services accessible data. CVSS 3.1 Base Score 6.0 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N).

Metrics

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required High

Scope Changed

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Affected Vendors & Products

Vendors Products
Oracle
  • Hyperion Essbase Administration Services

Configuration 1 [-]

cpe:2.3:a:oracle:hyperion_essbase_administration_services:21.4.3.0.0:*:*:*:*:*:*:*

No data.

References
Link Providers
https://www.oracle.com/security-alerts/cpujul2023.html cve-icon cve-icon cve-icon
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: oracle

Published: 2023-07-18T20:18:00.754Z

Updated: 2024-09-13T18:26:04.786Z

Reserved: 2022-12-17T19:26:00.730Z

Link: CVE-2023-21961

cve-icon Vulnrichment

Updated: 2024-08-02T09:59:28.355Z

cve-icon NVD

Status : Analyzed

Published: 2023-07-18T21:15:11.523

Modified: 2023-07-27T17:38:20.417

Link: CVE-2023-21961

cve-icon Redhat

No data.