Security Flaw in Oracle Essbase Affects User Data Access
CVE-2023-21944

5.3 MEDIUM

Key Information:

Vendor: Oracle
CVE Published: 18 April 2023

Summary

A security vulnerability has been identified in Oracle Essbase, specifically within its Security and Provisioning component. This flaw affects version 21.4 and enables unauthenticated attackers with network access via HTTP to potentially compromise the system. Although the attack is difficult to execute and requires interaction from a person other than the attacker, the implications can be severe: unauthorized access to critical data, or even complete access to all data accessible through Oracle Essbase.

Affected Version(s)

Hyperion Essbase 21.4

CVSS V3.1

Score: 5.3
Severity: MEDIUM
Confidentiality: High
Integrity: None
Availability: High
Attack Vector: Network
Attack Complexity: High
Privileges Required: None
User Interaction: Required
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
