CVE-2021-35654

CWE-787Out-of-bounds WriteCWE-120Classic Buffer Overflow6 documents6 sources
Severity
7.5HIGH
EPSS
1.9%
top 16.65%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Oracle Corporation Hyperion Essbase Administration ServicesOracle Essbase Administration Services
Timeline
PublishedOct 20
Latest updateMay 24

Description

Vulnerability in the Essbase Administration Services product of Oracle Essbase (component: EAS Console). The supported versions that are affected are Prior to 11.1.2.4.046 and Prior to 21.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Essbase Administration Services. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Essbase Administration Serv

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 3.9 | Impact: 3.6

Affected Packages2 packages

CVEListV5oracle_corporation/hyperion_essbase_administration_servicesunspecified11.1.2.4.046+1

Patches

Patch: www.oracle.comPatch: www.oracle.com

🔴Vulnerability Details

3
GHSA
GHSA-743w-c5px-r2c2: Vulnerability in the Essbase Administration Services product of Oracle Essbase (component: EAS Console)2022-05-24
CVEList
CVE-2021-35654: Vulnerability in the Essbase Administration Services product of Oracle Essbase (component: EAS Console)2021-10-20
GHSA
Out of bounds write in Pillow2021-03-29

📋Vendor Advisories

2
Oracle
Oracle Oracle Essbase Risk Matrix: EAS Console — CVE-2021-356542021-10-15
Red Hat
python-pillow: insufficent fix for CVE-2020-35654 due to incorrect error checking in TiffDecode.c2021-02-28
CVE-2021-35654 (HIGH CVSS 7.5) | Vulnerability in the Essbase Admini | cvebase.io