CVE-2023-22010

2.2LOW

Key Information:

Vendor
Oracle
Status
Hyperion Essbase
Vendor
CVE Published:
18 July 2023

Summary

Vulnerability in Oracle Essbase (component: Security and Provisioning). The supported version that is affected is 21.4.3.0.0. Difficult to exploit vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle Essbase. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Essbase accessible data. CVSS 3.1 Base Score 2.2 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:L/I:N/A:N).

Affected Version(s)

Hyperion Essbase 21.4.3.0.0

References

https://www.oracle.com/security-alerts/cpujul2023.html
vendor-advisory

CVSS V3.1

Score:
2.2
Severity:
LOW
Confidentiality:
Low
Integrity:
None
Availability:
Low
Attack Vector:
Network
Attack Complexity:
High
Privileges Required:
High
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.