CVE-2023-22010

Name of the Vulnerable Software and Affected Versions Oracle Essbase version 21.4.3.0.0

Description The issue is related to insufficient input validation in the Security and Provisioning component of Oracle Essbase. Exploitation of this issue can allow an attacker to gain unauthorized access to protected information via HTTP requests. A successful attack can result in unauthorized read access to a subset of Oracle Essbase accessible data. The attack is considered difficult to exploit and requires a high-privileged attacker with network access via HTTP.

Recommendations For Oracle Essbase version 21.4.3.0.0, consider restricting access to the Security and Provisioning component until a patch is available. As a temporary workaround, limit network access via HTTP to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.