QID 376367: Oracle Essbase Administration Services Security Update (CPUJAN2022)

Oracle Hyperion Essbase Administration Services (Essbase Administration Services) software is a robust, cross-platform graphical user interface that makes Essbase administration tasks easy to perform.

The vulnerability allows an unauthenticated attacker with network access via HTTP to compromise Essbase Administration Services.

Affected Versions:
Essbase Administration Services prior to 11.1.2.4.047

Essbase Administration Services prior to 21.3

NOTE:
This QID is flagged as potential because the check can only read the high-level version.

QID Detection Logic (Authenticated):
Windows: Fetch the high-level version of Essbase Administration Services from the registry.

Successful exploitation of these vulnerabilities may allow a remote attacker to compromise the Essbase Administration Services console.

  • CVSS V3 rated as Critical - 9.9 severity.
  • CVSS V2 rated as High - 7.5 severity.

Solution:
The vendor has released these fixes. For more information, refer to the vendor advisory CPUJAN2022.

Software Advisories:
Advisory ID: cpujan2022
Link: www.oracle.com/security-alerts/cpujan2022verbose.html#ESSB