Main Vulnerability Database Vulnerabilities #VU78392

Improper input validation in Essbase Administration Services - CVE-2023-21961

Published: July 19, 2023

Vulnerability identifier: #VU78392

CSH Severity: Low

CVSSv4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:N/SC:H/SI:N/SA:N/E:U/U:Clear

CVE-ID: CVE-2023-21961

CWE-ID: CWE-20

Exploitation vector: Local access

Exploit availability: No public exploit available

Vulnerable software:
Essbase Administration Services

Software vendor:
Oracle

Description

The vulnerability allows a local privileged user to gain access to sensitive information.

The vulnerability exists due to improper input validation within the EAS Administration and EAS Console component in Oracle Hyperion Essbase Administration Services. A local privileged user can exploit this vulnerability to gain access to sensitive information.

Remediation

Install updates from vendor's website.

External links

https://www.oracle.com/security-alerts/cpujul2023.html

Improper input validation in Essbase Administration Services - CVE-2023-21961

Description

Remediation

External links

Please verify you're human