cve,link,title,description,vendor,products,score,severity,epss,cisa,article,ransomware,exploited,poc,trended,trended_no_1,published,trended_score
CVE-2024-21257,https://securityvulnerability.io/vulnerability/CVE-2024-21257,Oracle Hyperion BI+ Vulnerability: Likely Unauthorized Read Access to Subset of Data,Vulnerability in the Oracle Hyperion BI+ product of Oracle Hyperion (component: UI and Visualization).   The supported version that is affected is 11.2.18.0.000. Easily exploitable vulnerability allows low privileged attacker with access to the physical communication segment attached to the hardware where the Oracle Hyperion BI+ executes to compromise Oracle Hyperion BI+.  Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in  unauthorized read access to a subset of Oracle Hyperion BI+ accessible data. CVSS 3.1 Base Score 3.0 (Confidentiality impacts).  CVSS Vector: (CVSS:3.1/AV:A/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N).,Oracle,Oracle Hyperion Bi+,3,LOW,0.0004299999854993075,false,false,false,false,,false,false,2024-10-15T19:52:53.351Z,0
CVE-2023-22060,https://securityvulnerability.io/vulnerability/CVE-2023-22060,Unauthorized Access Vulnerability in Oracle Hyperion Workspace by Oracle,"An access control vulnerability exists in Oracle Hyperion Workspace that allows a low-privileged attacker to exploit the system via HTTP. This vulnerability may lead to unauthorized creation, deletion, or modification of critical data, as well as unauthorized access to sensitive information. Additionally, this flaw can allow attackers to cause a partial denial of service, affecting the availability of the workspace. Successful exploitation requires user interaction, making it a potential threat in environments where users are unaware of the risks.",Oracle,Hyperion Bi+,7.6,HIGH,0.0004299999854993075,false,false,false,false,,false,false,2023-07-18T21:15:00.000Z,0
CVE-2023-22010,https://securityvulnerability.io/vulnerability/CVE-2023-22010,,Vulnerability in Oracle Essbase (component: Security and Provisioning).   The supported version that is affected is 21.4.3.0.0. Difficult to exploit vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle Essbase.  Successful attacks of this vulnerability can result in  unauthorized read access to a subset of Oracle Essbase accessible data. CVSS 3.1 Base Score 2.2 (Confidentiality impacts).  CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:L/I:N/A:N).,Oracle,Hyperion Essbase,2.2,LOW,0.0004299999854993075,false,false,false,false,,false,false,2023-07-18T21:15:00.000Z,0
CVE-2023-22062,https://securityvulnerability.io/vulnerability/CVE-2023-22062,Oracle Hyperion Financial Reporting Repository Vulnerability,"An easily exploitable vulnerability exists within the Oracle Hyperion Financial Reporting product, specifically in the Repository component. This vulnerability allows low-privileged attackers with network access via HTTP to compromise the Oracle Hyperion Financial Reporting system. Exploitation can lead to unauthorized access to sensitive data and the potential for partial denial of service. Notably, while the vulnerability is centered on Oracle Hyperion Financial Reporting, its exploitation might also have serious implications for related products, expanding the potential attack surface and impact.",Oracle,Hyperion Financial Reporting,8.5,HIGH,0.0004299999854993075,false,false,false,false,,false,false,2023-07-18T21:15:00.000Z,0
CVE-2023-21961,https://securityvulnerability.io/vulnerability/CVE-2023-21961,,"Vulnerability in the Oracle Hyperion Essbase Administration Services product of Oracle Essbase (component: EAS Administration and EAS Console).   The supported version that is affected is 21.4.3.0.0. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle Hyperion Essbase Administration Services executes to compromise Oracle Hyperion Essbase Administration Services.  While the vulnerability is in Oracle Hyperion Essbase Administration Services, attacks may significantly impact additional products (scope change).  Successful attacks of this vulnerability can result in  unauthorized access to critical data or complete access to all Oracle Hyperion Essbase Administration Services accessible data. CVSS 3.1 Base Score 6.0 (Confidentiality impacts).  CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N).",Oracle,Hyperion Essbase Administration Services,6,MEDIUM,0.0004299999854993075,false,false,false,false,,false,false,2023-07-18T21:15:00.000Z,0
CVE-2023-21944,https://securityvulnerability.io/vulnerability/CVE-2023-21944,,Vulnerability in Oracle Essbase (component: Security and Provisioning).   The supported version that is affected is 21.4. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Essbase.  Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in  unauthorized access to critical data or complete access to all Oracle Essbase accessible data. CVSS 3.1 Base Score 5.3 (Confidentiality impacts).  CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N).,Oracle,Hyperion Essbase,5.3,MEDIUM,0.00044999999227002263,false,false,false,false,,false,false,2023-04-18T20:15:00.000Z,0
CVE-2023-21943,https://securityvulnerability.io/vulnerability/CVE-2023-21943,,Vulnerability in Oracle Essbase (component: Security and Provisioning).   The supported version that is affected is 21.4. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Essbase.  Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in  unauthorized access to critical data or complete access to all Oracle Essbase accessible data. CVSS 3.1 Base Score 5.3 (Confidentiality impacts).  CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N).,Oracle,Hyperion Essbase,5.3,MEDIUM,0.00044999999227002263,false,false,false,false,,false,false,2023-04-18T20:15:00.000Z,0
CVE-2023-21942,https://securityvulnerability.io/vulnerability/CVE-2023-21942,,Vulnerability in Oracle Essbase (component: Security and Provisioning).   The supported version that is affected is 21.4. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Essbase.  Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in  unauthorized access to critical data or complete access to all Oracle Essbase accessible data. CVSS 3.1 Base Score 5.3 (Confidentiality impacts).  CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N).,Oracle,Hyperion Essbase,5.3,MEDIUM,0.00044999999227002263,false,false,false,false,,false,false,2023-04-18T20:15:00.000Z,0
CVE-2022-21508,https://securityvulnerability.io/vulnerability/CVE-2022-21508,,"Vulnerability in Oracle Essbase (component: Security and Provisioning). The supported version that is affected is 21.3. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle Essbase executes to compromise Oracle Essbase. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Essbase accessible data as well as unauthorized access to critical data or complete access to all Oracle Essbase accessible data. CVSS 3.1 Base Score 5.8 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:N).",Oracle,Hyperion Essbase,5.8,MEDIUM,0.00044999999227002263,false,false,false,false,,false,false,2022-07-19T21:06:40.000Z,0
CVE-2021-35683,https://securityvulnerability.io/vulnerability/CVE-2021-35683,,"Vulnerability in the Oracle Essbase Administration Services product of Oracle Essbase (component: EAS Console). The supported version that is affected is Prior to 11.1.2.4.047. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Essbase Administration Services. While the vulnerability is in Oracle Essbase Administration Services, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle Essbase Administration Services. CVSS 3.1 Base Score 9.9 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H).",Oracle,Hyperion Essbase Administration Services,9.9,CRITICAL,0.00044999999227002263,false,false,false,false,,false,false,2022-01-19T11:21:44.000Z,0
CVE-2021-35665,https://securityvulnerability.io/vulnerability/CVE-2021-35665,,"Vulnerability in the Hyperion Financial Reporting product of Oracle Hyperion (component: Repository). The supported version that is affected is 11.2.6.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Hyperion Financial Reporting. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Hyperion Financial Reporting, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Hyperion Financial Reporting accessible data as well as unauthorized read access to a subset of Hyperion Financial Reporting accessible data. CVSS 3.1 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N).",Oracle,Hyperion Financial Reporting,6.1,MEDIUM,0.0009500000160187483,false,false,false,false,,false,false,2021-10-20T10:51:41.000Z,0
CVE-2021-35655,https://securityvulnerability.io/vulnerability/CVE-2021-35655,,Vulnerability in the Essbase Administration Services product of Oracle Essbase (component: EAS Console). The supported versions that are affected are Prior to 11.1.2.4.046 and Prior to 21.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Essbase Administration Services. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Essbase Administration Services accessible data. CVSS 3.1 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N).,Oracle,Hyperion Essbase Administration Services,5.3,MEDIUM,0.001019999966956675,false,false,false,false,,false,false,2021-10-20T10:51:34.000Z,0
CVE-2021-35654,https://securityvulnerability.io/vulnerability/CVE-2021-35654,,Vulnerability in the Essbase Administration Services product of Oracle Essbase (component: EAS Console). The supported versions that are affected are Prior to 11.1.2.4.046 and Prior to 21.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Essbase Administration Services. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Essbase Administration Services. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).,Oracle,Hyperion Essbase Administration Services,7.5,HIGH,0.0010100000072270632,false,false,false,false,,false,false,2021-10-20T10:51:33.000Z,0
CVE-2021-35653,https://securityvulnerability.io/vulnerability/CVE-2021-35653,,"Vulnerability in the Essbase Administration Services product of Oracle Essbase (component: EAS Console). The supported versions that are affected are Prior to 11.1.2.4.046 and Prior to 21.3. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Essbase Administration Services. While the vulnerability is in Essbase Administration Services, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Essbase Administration Services accessible data. CVSS 3.1 Base Score 7.7 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N).",Oracle,Hyperion Essbase Administration Services,7.7,HIGH,0.0009399999980814755,false,false,false,false,,false,false,2021-10-20T10:51:32.000Z,0
CVE-2021-35652,https://securityvulnerability.io/vulnerability/CVE-2021-35652,,"Vulnerability in the Essbase Administration Services product of Oracle Essbase (component: EAS Console). The supported versions that are affected are Prior to 11.1.2.4.046 and Prior to 21.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Essbase Administration Services. While the vulnerability is in Essbase Administration Services, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Essbase Administration Services. CVSS 3.1 Base Score 10.0 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H).",Oracle,Hyperion Essbase Administration Services,10,CRITICAL,0.010459999553859234,false,false,false,false,,false,false,2021-10-20T10:51:31.000Z,0
CVE-2021-35651,https://securityvulnerability.io/vulnerability/CVE-2021-35651,,"Vulnerability in the Essbase Administration Services product of Oracle Essbase (component: EAS Console). The supported versions that are affected are Prior to 11.1.2.4.046 and Prior to 21.3. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Essbase Administration Services. While the vulnerability is in Essbase Administration Services, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Essbase Administration Services accessible data as well as unauthorized update, insert or delete access to some of Essbase Administration Services accessible data. CVSS 3.1 Base Score 8.5 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:N).",Oracle,Hyperion Essbase Administration Services,8.5,HIGH,0.0009399999980814755,false,false,false,false,,false,false,2021-10-20T10:51:29.000Z,0
CVE-2021-2445,https://securityvulnerability.io/vulnerability/CVE-2021-2445,,"Vulnerability in the Hyperion Infrastructure Technology product of Oracle Hyperion (component: Lifecycle Management). The supported version that is affected is 11.2.5.0. Difficult to exploit vulnerability allows high privileged attacker with network access via HTTP to compromise Hyperion Infrastructure Technology. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Hyperion Infrastructure Technology accessible data as well as unauthorized access to critical data or complete access to all Hyperion Infrastructure Technology accessible data. CVSS 3.1 Base Score 5.7 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:N).",Oracle,Hyperion Infrastructure Technology,5.7,MEDIUM,0.0006600000197067857,false,false,false,false,,false,false,2021-07-20T22:44:53.000Z,0
CVE-2021-2439,https://securityvulnerability.io/vulnerability/CVE-2021-2439,,Vulnerability in the Oracle Hyperion BI+ product of Oracle Hyperion (component: UI and Visualization). Supported versions that are affected are 11.1.2.4 and 11.2.5.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Hyperion BI+. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Hyperion BI+ accessible data. CVSS 3.1 Base Score 4.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N).,Oracle,Hyperion Bi+,4.3,MEDIUM,0.0008999999845400453,false,false,false,false,,false,false,2021-07-20T22:44:48.000Z,0
CVE-2021-2435,https://securityvulnerability.io/vulnerability/CVE-2021-2435,,"Vulnerability in the Essbase Analytic Provider Services product of Oracle Essbase (component: JAPI). The supported version that is affected is 11.1.2.4. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Essbase Analytic Provider Services. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Essbase Analytic Provider Services accessible data as well as unauthorized access to critical data or complete access to all Essbase Analytic Provider Services accessible data. CVSS 3.1 Base Score 8.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N).",Oracle,Hyperion Analytic Provider Services,8.1,HIGH,0.0020699999295175076,false,false,false,false,,false,false,2021-07-20T22:44:44.000Z,0
CVE-2021-2433,https://securityvulnerability.io/vulnerability/CVE-2021-2433,,Vulnerability in the Essbase Analytic Provider Services product of Oracle Essbase (component: Web Services). Supported versions that are affected are 11.1.2.4 and 21.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Essbase Analytic Provider Services. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Essbase Analytic Provider Services. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).,Oracle,Hyperion Analytic Provider Services,7.5,HIGH,0.0009500000160187483,false,false,false,false,,false,false,2021-07-20T22:44:42.000Z,0
CVE-2021-2350,https://securityvulnerability.io/vulnerability/CVE-2021-2350,,Vulnerability in the Hyperion Essbase Administration Services product of Oracle Essbase (component: EAS Console). Supported versions that are affected are 11.1.2.4 and 21.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Hyperion Essbase Administration Services. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Hyperion Essbase Administration Services accessible data. CVSS 3.1 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N).,Oracle,Hyperion Essbase Administration Services,7.5,HIGH,0.004110000096261501,false,false,false,false,,false,false,2021-07-20T22:43:28.000Z,0
CVE-2021-2349,https://securityvulnerability.io/vulnerability/CVE-2021-2349,,"Vulnerability in the Hyperion Essbase Administration Services product of Oracle Essbase (component: EAS Console). Supported versions that are affected are 11.1.2.4 and 21.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Hyperion Essbase Administration Services. While the vulnerability is in Hyperion Essbase Administration Services, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Hyperion Essbase Administration Services accessible data. CVSS 3.1 Base Score 8.6 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N).",Oracle,Hyperion Essbase Administration Services,8.6,HIGH,0.004110000096261501,false,false,false,false,,false,false,2021-07-20T22:43:27.000Z,0
CVE-2021-2347,https://securityvulnerability.io/vulnerability/CVE-2021-2347,,"Vulnerability in the Hyperion Infrastructure Technology product of Oracle Hyperion (component: Lifecycle Management). The supported version that is affected is 11.2.5.0. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Hyperion Infrastructure Technology. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Hyperion Infrastructure Technology accessible data as well as unauthorized update, insert or delete access to some of Hyperion Infrastructure Technology accessible data. CVSS 3.1 Base Score 5.2 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:L/A:N).",Oracle,Hyperion Infrastructure Technology,5.2,MEDIUM,0.0006699999794363976,false,false,false,false,,false,false,2021-07-20T22:43:25.000Z,0
CVE-2021-2244,https://securityvulnerability.io/vulnerability/CVE-2021-2244,,"Vulnerability in the Hyperion Analytic Provider Services product of Oracle Hyperion (component: JAPI) and Essbase Analytic Provider Services product of Oracle Essbase (component: JAPI). Supported versions that are affected are Hyperion Analytic Provider Services 11.1.2.4 and 12.2.1.4, and Essbase Analytic Provider Services 21.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Hyperion Analytic Provider Services. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Hyperion Analytic Provider Services, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Hyperion Analytic Provider Services. CVSS 3.1 Base Score 10.0 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H).",Oracle,Hyperion Analytic Provider Services,10,CRITICAL,0.07487999647855759,false,false,false,false,,false,false,2021-04-22T21:53:55.000Z,0
CVE-2021-2158,https://securityvulnerability.io/vulnerability/CVE-2021-2158,,"Vulnerability in the Hyperion Financial Management product of Oracle Hyperion (component: Task Automation). The supported version that is affected is 11.1.2.4. Difficult to exploit vulnerability allows high privileged attacker with network access via HTTP to compromise Hyperion Financial Management. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Hyperion Financial Management accessible data as well as unauthorized read access to a subset of Hyperion Financial Management accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Hyperion Financial Management. CVSS 3.1 Base Score 3.9 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:L/A:L).",Oracle,Hyperion Financial Management,3.9,LOW,0.000910000002477318,false,false,false,false,,false,false,2021-04-22T21:53:46.000Z,0