Denial of Service Vulnerability in Oracle Essbase Analytic Provider Services
CVE-2021-2433

7.5HIGH

Key Information:

Vendor: Oracle
Status: Hyperion Analytic Provider Services
Vendor: CVE Published:; 20 July 2021

Summary

A vulnerability exists in the Essbase Analytic Provider Services of Oracle Essbase, specifically within its Web Services component. The flaw allows unauthenticated attackers with network access via HTTP to exploit the service, leading to a potential denial of service. Successful exploitation may cause the service to hang or crash, resulting in significant disruption. The affected versions include 11.1.2.4 and 21.2, emphasizing the need for administrators to apply necessary updates and mitigate risks.

Affected Version(s)

Hyperion Analytic Provider Services 11.1.2.4

Hyperion Analytic Provider Services 21.2

References

https://www.oracle.com/security-alerts/cpujul2021.html

x_refsource_MISC

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jul 20, 2021
Vulnerability Reserved
Dec 9, 2020