CVE-2023-21942

4 documents4 sources
Severity
5.3MEDIUM
EPSS
0.4%
top 37.45%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Oracle Corporation Hyperion EssbaseOracle Essbase
Timeline
PublishedApr 18

Description

Vulnerability in Oracle Essbase (component: Security and Provisioning). The supported version that is affected is 21.4. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Essbase. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Essbase accessible data. CVSS 3.1 Base Score

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:NExploitability: 1.6 | Impact: 3.6

Affected Packages2 packages

NVDoracle/essbase21.4

🔴Vulnerability Details

2
GHSA
GHSA-pcpm-j6mw-65jm: Vulnerability in Oracle Essbase (component: Security and Provisioning)2023-04-18
CVEList
CVE-2023-21942: Vulnerability in Oracle Essbase (component: Security and Provisioning)2023-04-18

📋Vendor Advisories

1
Oracle
Oracle Oracle Essbase Risk Matrix: Security and Provisioning — CVE-2023-219422023-04-15
CVE-2023-21942 (MEDIUM CVSS 5.3) | Vulnerability in Oracle Essbase (co | cvebase.io