PT-2021-7115 · Oracle · Hyperion Essbase Administration Services+2
Kajetan Rostojek
·
Published
2021-07-20
·
Updated
2021-07-23
·
CVE-2021-2349
CVSS v3.1
8.6
High
| Vector | AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
Oracle Essbase versions 11.1.2.4 and 21.2
Description
The issue is related to insufficient input validation in the EAS Console component of Oracle Essbase Administration Services. This allows an unauthenticated attacker with network access via HTTP to compromise Hyperion Essbase Administration Services, potentially leading to unauthorized access to critical data or complete access to all accessible data.
Recommendations
For version 11.1.2.4, update to a version that addresses the insufficient input validation issue.
For version 21.2, update to a version that addresses the insufficient input validation issue.
As a temporary workaround, consider restricting access to the EAS Console component to minimize the risk of exploitation.
Fix
RCE
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Eas Console
Hyperion Essbase Administration Services
Oracle Essbase