QID 376367

QID 376367: Oracle Essbase Administration Services Security Update (CPUJAN2022)

Oracle Hyperion Essbase Administration Services (Essbase Administration Services) software is a robust, cross-platform graphical user interface that makes Essbase administration tasks easy to perform.

Vulnerability allows unauthenticated attacker with network access via HTTP to compromise Essbase Administration Services.

Affected Versions:
Essbase Administration Services prior to 11.1.2.4.047

Essbase Administration Services prior to 21.3

NOTE:
Flagged as potential as only able to check high level version

QID Detection Logic (Authenticated):
Windows: Fetch high level version of Essbase Administration Services from the registry.

Successful exploitation of these vulnerabilities may allow an remoter attacker to compromise Essbase Administration Services console.

CVSS V3 rated as Critical - 9.9 severity.

CVSS V2 rated as High - 7.5 severity.

Solution

The vendor has released these fixes. More information refer vendor advisory CPUJAN2022.

Vendor References

cpujan2022 - www.oracle.com/security-alerts/cpujan2022verbose.html#ESSB

CVEs related to QID 376367

CVE-2021-20718 | CVE-2021-22901 | CVE-2021-35683 | CVE-2021-36090 | CVE-2021-3711 |

Software Advisories

Advisory ID	Software	Component	Link
cpujan2022			www.oracle.com/security-alerts/cpujan2022verbose.html#ESSB

By selecting these links, you may be leaving CVEreport webspace. We have provided these links to other websites because they may have information that would be of interest to you. No inferences should be drawn on account of other sites being referenced, or not, from this page. There may be other websites that are more appropriate for your purpose. CVEreport does not necessarily endorse the views expressed, or concur with the facts presented on these sites. Further, CVEreport does not endorse any commercial products that may be mentioned on these sites. Please address comments about any linked pages to [email protected].