Security and Provisioning Vulnerability in Oracle Essbase
CVE-2023-22010

2.2LOW

Key Information:

Vendor: Oracle
Status: Hyperion Essbase
Vendor: CVE Published:; 18 July 2023

Summary

A vulnerability in Oracle Essbase's Security and Provisioning component allows an attacker with high privileges and network access via HTTP to exploit the system. This vulnerability can lead to unauthorized access to a subset of data within Oracle Essbase, potentially compromising sensitive information. The supported version impacted is 21.4.3.0.0, emphasizing the necessity for organizations to adhere to security patches provided by Oracle to mitigate risks.

Affected Version(s)

Hyperion Essbase 21.4.3.0.0

References

https://www.oracle.com/security-alerts/cpujul2023.html

vendor-advisory

CVSS V3.1

Score:

2.2

Severity:

LOW

Confidentiality:

Low

Integrity:

None

Availability:

Low

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

High

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jul 18, 2023
Vulnerability Reserved
Dec 17, 2022