CVE-2021-35683

4 documents4 sources
Severity
9.9CRITICAL
EPSS
1.5%
top 18.61%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Oracle Corporation Hyperion Essbase Administration ServicesOracle Essbase Administration Services
Timeline
PublishedJan 19
Latest updateJan 20

Description

Vulnerability in the Oracle Essbase Administration Services product of Oracle Essbase (component: EAS Console). The supported version that is affected is Prior to 11.1.2.4.047. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Essbase Administration Services. While the vulnerability is in Oracle Essbase Administration Services, attacks may significantly impact additional products. Successful attacks of this vulnerability can result

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:HExploitability: 3.1 | Impact: 6.0

Affected Packages2 packages

CVEListV5oracle_corporation/hyperion_essbase_administration_servicesunspecified11.1.2.4.047

🔴Vulnerability Details

2
GHSA
GHSA-52h2-329h-239p: Vulnerability in the Oracle Essbase Administration Services product of Oracle Essbase (component: EAS Console)2022-01-20
CVEList
CVE-2021-35683: Vulnerability in the Oracle Essbase Administration Services product of Oracle Essbase (component: EAS Console)2022-01-19

📋Vendor Advisories

1
Oracle
Oracle Oracle Essbase Risk Matrix: EAS Console — CVE-2021-356832022-01-15
CVE-2021-35683 (CRITICAL CVSS 9.9) | Vulnerability in the Oracle Essbase | cvebase.io