CVE-2022-21508

Name of the Vulnerable Software and Affected Versions Oracle Essbase version 21.3

Description The issue is related to insufficient input validation in the Security and Provisioning component of Oracle Essbase. This allows a high-privileged attacker with logon access to the infrastructure to compromise Oracle Essbase. Successful attacks require human interaction from a person other than the attacker and can result in unauthorized access to critical data or all Oracle Essbase accessible data.

Recommendations For Oracle Essbase version 21.3, update to a version that includes the fix for this issue, as no specific workaround is provided for this version. At the moment, there is no information about a newer version that contains a fix for this vulnerability.