CVE-2021-35652

Vulnerability in the Essbase Administration Services product of Oracle Essbase (component: EAS Console). The supported versions that are affected are Prior to 11.1.2.4.046 and Prior to 21.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Essbase Administration Services. While the vulnerability is in Essbase Administration Services, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Essbase Administration Services. CVSS 3.1 Base Score 10.0 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H).
References
Link Resource
https://www.oracle.com/security-alerts/cpuoct2021.html Patch Vendor Advisory
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:oracle:essbase_administration_services:*:*:*:*:*:*:*:*
cpe:2.3:a:oracle:essbase_administration_services:*:*:*:*:*:*:*:*

History

20 Jan 2022, 12:15

Type Values Removed Values Added
Summary Vulnerability in the Essbase Administration Services product of Oracle Essbase (component: EAS Console). The supported version that is affected is Prior to 11.1.2.4.046. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Essbase Administration Services. While the vulnerability is in Essbase Administration Services, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Essbase Administration Services. CVSS 3.1 Base Score 10.0 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H). Vulnerability in the Essbase Administration Services product of Oracle Essbase (component: EAS Console). The supported versions that are affected are Prior to 11.1.2.4.046 and Prior to 21.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Essbase Administration Services. While the vulnerability is in Essbase Administration Services, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Essbase Administration Services. CVSS 3.1 Base Score 10.0 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H).

26 Oct 2021, 00:50

Type Values Removed Values Added
References (MISC) https://www.oracle.com/security-alerts/cpuoct2021.html - (MISC) https://www.oracle.com/security-alerts/cpuoct2021.html - Patch, Vendor Advisory
CWE NVD-CWE-noinfo
CPE cpe:2.3:a:oracle:essbase_administration_services:*:*:*:*:*:*:*:*
CVSS v2 : unknown
v3 : 10.0
v2 : 7.5
v3 : 10.0

20 Oct 2021, 11:52

Type Values Removed Values Added
New CVE

Information

Published : 2021-10-20 11:17

Updated : 2023-12-10 14:09


NVD link : CVE-2021-35652

Mitre link : CVE-2021-35652

CVE.ORG link : CVE-2021-35652


JSON object : View

Products Affected

oracle

  • essbase_administration_services