CVE-2021-2350 : Vulnerability in the Hyperion Essbase Administration Services product of Oracle

Vulnerability in the Hyperion Essbase Administration Services product of Oracle Essbase (component: EAS Console). Supported versions that are affected are 11.1.2.4 and 21.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Hyperion Essbase Administration Services. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Hyperion Essbase Administration Services accessible data. CVSS 3.1 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N).

Published 2021-07-21 15:15:21

Updated 2021-07-23 13:36:04

Source Oracle

View at NVD, CVE.org

Vulnerability category: Bypass

Products affected by CVE-2021-2350

Oracle » Hyperion Essbase Administration Services » Version: 11.1.2.4
cpe:2.3:a:oracle:hyperion_essbase_administration_services:11.1.2.4:*:*:*:*:*:*:*
Matching versions
Oracle » Hyperion Essbase Administration Services » Version: 21.2
cpe:2.3:a:oracle:hyperion_essbase_administration_services:21.2:*:*:*:*:*:*:*
Matching versions

Exploit prediction scoring system (EPSS) score for CVE-2021-2350

EPSS FAQ

2.23%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 83 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2021-2350

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
5.0	MEDIUM	AV:N/AC:L/Au:N/C:P/I:N/A:N	10.0	2.9	NIST
Access Vector: Network Access Complexity: Low Authentication: None Confidentiality Impact: Partial Integrity Impact: None Availability Impact: None
7.5	HIGH	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N	3.9	3.6	Oracle
Attack Vector: Network Attack Complexity: Low Privileges Required: None User Interaction: None Scope: Unchanged Confidentiality: High Integrity: None Availability: None

References for CVE-2021-2350

https://www.oracle.com/security-alerts/cpujul2021.html

Oracle Critical Patch Update Advisory - July 2021
Patch;Vendor Advisory

CVEs referencing this url

Jump to

Vulnerability Details : CVE-2021-2350

Products affected by CVE-2021-2350

Exploit prediction scoring system (EPSS) score for CVE-2021-2350

CVSS scores for CVE-2021-2350

References for CVE-2021-2350