PT-2021-3769 · Oracle · Essbase Analytic Provider Services
Author: Guillaume Jacques (+2)
Published: 2021-07-20 · Updated: 2021-07-26
CVE: CVE-2021-2435
CVSS v2.0: 8.8 (High)
| Vector | AV:N/AC:M/Au:N/C:C/I:C/A:N |
Name of the Vulnerable Software and Affected Versions
Essbase Analytic Provider Services version 11.1.2.4
Description
The vulnerability stems from improper handling of input data in the JAPI component of Essbase Analytic Provider Services. A remote attacker can exploit it to gain full access to critical data. Exploitation is easy and requires no authentication, only network access to the service over HTTP, but a successful attack requires interaction from a user other than the attacker. Successful exploitation can result in unauthorized creation, deletion or modification of critical data, or of all data accessible to the service, as well as unauthorized read access to critical data.
Recommendations
For version 11.1.2.4, restrict access to the JAPI component until a patch is available. As a temporary workaround, disabling the JAPI component minimizes the risk of exploitation; restricting network access to Essbase Analytic Provider Services over HTTP also reduces it.
Fix
RCE
Affected Products
Essbase Analytic Provider Services