Denial of Service Vulnerability in Oracle Essbase Administration Services
CVE-2021-35654

7.5HIGH

Key Information:

Vendor: Oracle
Status: Hyperion Essbase Administration Services
Vendor: CVE Published:; 20 October 2021

Summary

An unauthenticated vulnerability in the Essbase Administration Services of Oracle Essbase allows attackers with network access to disrupt service. Exploitation enables attackers to cause a denial of service, leading to frequent crashes or hang-ups of the Essbase Administration Services. This vulnerability affects specific versions prior to 11.1.2.4.046 and 21.3, highlighting the importance of timely updates and patches to safeguard against unauthorized network attacks.

Affected Version(s)

Hyperion Essbase Administration Services < 11.1.2.4.046

Hyperion Essbase Administration Services < 21.3

References

https://www.oracle.com/security-alerts/cpuoct2021.html

x_refsource_MISC

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Oct 20, 2021
Vulnerability Reserved
Jun 28, 2021