cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2023-21961,https://securityvulnerability.io/vulnerability/CVE-2023-21961,Vulnerability in Oracle Hyperion Essbase Administration Services,"A vulnerability exists in the Oracle Hyperion Essbase Administration Services, specifically within the EAS Administration and EAS Console components. An attacker with privileged credentials can exploit this vulnerability to gain unauthorized access to sensitive data within the Oracle Hyperion environment. This exploitation can potentially lead to a significant compromise of various products integrated with the Oracle Hyperion system, as the effects of the breach may extend beyond the compromised service. Organizations using the affected version, 21.4.3.0.0, should prioritize patching and enhancing their security posture to mitigate risks associated with unauthorized data access.",Oracle,Hyperion Essbase Administration Services,6,MEDIUM,0.00044999999227002263,false,,false,false,false,,,false,false,,2023-07-18T21:15:00.000Z,0
CVE-2023-22010,https://securityvulnerability.io/vulnerability/CVE-2023-22010,Security and Provisioning Vulnerability in Oracle Essbase,"A vulnerability in Oracle Essbase's Security and Provisioning component allows an attacker with high privileges and network access via HTTP to exploit the system. This vulnerability can lead to unauthorized access to a subset of data within Oracle Essbase, potentially compromising sensitive information. The supported version impacted is 21.4.3.0.0, emphasizing the necessity for organizations to adhere to security patches provided by Oracle to mitigate risks.",Oracle,Hyperion Essbase,2.2,LOW,0.00044999999227002263,false,,false,false,false,,,false,false,,2023-07-18T21:15:00.000Z,0
CVE-2023-21942,https://securityvulnerability.io/vulnerability/CVE-2023-21942,Security Vulnerability in Oracle Essbase by Oracle,"A vulnerability exists in Oracle Essbase that allows an unauthenticated attacker with network access via HTTP to potentially compromise the system. Exploitation of this vulnerability necessitates human interaction from an individual other than the attacker, hence complicating the attack scenario. Successful exploitation can lead to unauthorized access to sensitive data, enabling an attacker to gain access to all Oracle Essbase accessible data. Organizations utilizing Oracle Essbase 21.4 must be mindful of this security issue to protect their data integrity.",Oracle,Hyperion Essbase,5.3,MEDIUM,0.00044999999227002263,false,,false,false,false,,,false,false,,2023-04-18T20:15:00.000Z,0
CVE-2023-21943,https://securityvulnerability.io/vulnerability/CVE-2023-21943,Security Vulnerability in Oracle Essbase by Oracle,"A security vulnerability exists in Oracle Essbase that allows an unauthenticated attacker with network access via HTTP to compromise the system. The affected version is 21.4. Exploiting this vulnerability necessitates human interaction from a user other than the attacker, which poses a significant risk of unauthorized access to sensitive data or even complete access to all data available within Oracle Essbase. Organizations using this version should address this issue promptly to mitigate the potential for data breaches.",Oracle,Hyperion Essbase,5.3,MEDIUM,0.00044999999227002263,false,,false,false,false,,,false,false,,2023-04-18T20:15:00.000Z,0
CVE-2023-21944,https://securityvulnerability.io/vulnerability/CVE-2023-21944,Security Flaw in Oracle Essbase Affects User Data Access,"A security vulnerability has been identified in Oracle Essbase, specifically within its Security and Provisioning component. This flaw affects version 21.4 and enables unauthenticated attackers with network access via HTTP to potentially compromise the system. Although the attack is difficult to execute and requires human interaction from a non-attacker, the implications can be severe, allowing unauthorized access to critical data or even complete access to all data accessible through Oracle Essbase.",Oracle,Hyperion Essbase,5.3,MEDIUM,0.00044999999227002263,false,,false,false,false,,,false,false,,2023-04-18T20:15:00.000Z,0
CVE-2022-21508,https://securityvulnerability.io/vulnerability/CVE-2022-21508,Security and Provisioning Vulnerability in Oracle Essbase Software,"A security vulnerability exists in Oracle Essbase's Security and Provisioning component, affecting version 21.3. This flaw allows a high-privileged attacker with valid logon access to exploit the system, enabling unauthorized actions such as the creation, deletion, or modification of critical data. Furthermore, successful exploitation of this vulnerability requires human interaction from an individual other than the attacker. As a result, it poses a significant risk of unauthorized access to sensitive data and could compromise the integrity of all accessible data in Oracle Essbase.",Oracle,Hyperion Essbase,5.8,MEDIUM,0.00044999999227002263,false,,false,false,false,,,false,false,,2022-07-19T21:06:40.000Z,0
CVE-2021-35683,https://securityvulnerability.io/vulnerability/CVE-2021-35683,Arbitrary Code Execution Vulnerability in Oracle Essbase Administration Services,"A vulnerability in the Oracle Essbase Administration Services allows a low-privileged attacker with network access via HTTP to execute arbitrary code. This security issue affects the EAS Console component of Oracle Essbase and could lead to unauthorized control over the system. Successful exploitation can jeopardize the confidentiality, integrity, and availability of the affected product, significantly impacting related services.",Oracle,Hyperion Essbase Administration Services,9.9,CRITICAL,0.00044999999227002263,false,,false,false,false,,,false,false,,2022-01-19T11:21:44.000Z,0
CVE-2021-35655,https://securityvulnerability.io/vulnerability/CVE-2021-35655,Unauthorized Read Access Vulnerability in Oracle Essbase Administration Services,"A vulnerability exists in Oracle Essbase Administration Services (EAS Console) that allows an unauthenticated attacker with network access via HTTP to exploit the system. This vulnerability affects EAS versions prior to 11.1.2.4.046 and prior to 21.3, enabling unauthorized users to gain read access to sensitive data within the system. Proper security measures must be implemented to mitigate the risk associated with this vulnerability. For further details, refer to Oracle's security alerts.",Oracle,Hyperion Essbase Administration Services,5.3,MEDIUM,0.001019999966956675,false,,false,false,false,,,false,false,,2021-10-20T10:51:34.000Z,0
CVE-2021-35654,https://securityvulnerability.io/vulnerability/CVE-2021-35654,Denial of Service Vulnerability in Oracle Essbase Administration Services,"An unauthenticated vulnerability in the Essbase Administration Services of Oracle Essbase allows attackers with network access to disrupt service. Exploitation enables attackers to cause a denial of service, leading to frequent crashes or hang-ups of the Essbase Administration Services. This vulnerability affects specific versions prior to 11.1.2.4.046 and 21.3, highlighting the importance of timely updates and patches to safeguard against unauthorized network attacks.",Oracle,Hyperion Essbase Administration Services,7.5,HIGH,0.0010100000072270632,false,,false,false,false,,,false,false,,2021-10-20T10:51:33.000Z,0
CVE-2021-35653,https://securityvulnerability.io/vulnerability/CVE-2021-35653,Unauthorized Access Flaw in Oracle Essbase Administration Services,"A vulnerability exists in Oracle Essbase Administration Services allowing low-privileged attackers with network access via HTTP to compromise the service. The flaw impacts versions prior to 11.1.2.4.046 and 21.3, potentially leading to unauthorized access to sensitive data. While the vulnerability is primarily in the EAS Console, it poses risks to additional integrated products, enabling attackers to exploit this weakness to gain critical information or full access to data managed by Essbase Administration Services.",Oracle,Hyperion Essbase Administration Services,7.7,HIGH,0.0009399999980814755,false,,false,false,false,,,false,false,,2021-10-20T10:51:32.000Z,0
CVE-2021-35652,https://securityvulnerability.io/vulnerability/CVE-2021-35652,Unattended Remote Code Execution Vulnerability in Oracle Essbase Administration Services,"A vulnerability in Oracle's Essbase Administration Services component allows an unauthenticated attacker with network access via HTTP to compromise the services. Affected versions include those prior to 11.1.2.4.046 and 21.3, making it particularly critical for users operating outdated releases. Successful exploitation can lead to full control over Essbase Administration Services, posing significant risk to its integrity, confidentiality, and availability. Attackers can leverage this vulnerability to perform unauthorized actions, resulting in widespread consequences across additional Oracle products.",Oracle,Hyperion Essbase Administration Services,10,CRITICAL,0.010459999553859234,false,,false,false,false,,,false,false,,2021-10-20T10:51:31.000Z,0
CVE-2021-35651,https://securityvulnerability.io/vulnerability/CVE-2021-35651,Unauthorized Access Vulnerability in Oracle Essbase Administration Services,"The vulnerability in Oracle's Essbase Administration Services allows low-privileged attackers with network access through HTTP to gain unauthorized access. This compromise can lead to significant risks, including unauthorized updates, inserts, or deletions of data within the Essbase Administration Services environment. Exploiting this vulnerability may expose sensitive data and disrupt essential services, impacting various interconnected products beyond Essbase itself.",Oracle,Hyperion Essbase Administration Services,8.5,HIGH,0.0009399999980814755,false,,false,false,false,,,false,false,,2021-10-20T10:51:29.000Z,0
CVE-2021-2350,https://securityvulnerability.io/vulnerability/CVE-2021-2350,Unauthorized Access Vulnerability in Oracle Hyperion Essbase Administration Services,"The Hyperion Essbase Administration Services, a product of Oracle Essbase, is susceptible to an unauthorized access vulnerability that can be exploited by unauthenticated attackers with network access via HTTP. This flaw enables malicious actors to potentially gain access to sensitive data within the service. Affected versions include 11.1.2.4 and 21.2, posing significant risks to data confidentiality and integrity.",Oracle,Hyperion Essbase Administration Services,7.5,HIGH,0.004110000096261501,false,,false,false,false,,,false,false,,2021-07-20T22:43:28.000Z,0
CVE-2021-2349,https://securityvulnerability.io/vulnerability/CVE-2021-2349,Unauthenticated Access Vulnerability in Oracle Hyperion Essbase Administration Services,"A critical vulnerability exists in the Oracle Hyperion Essbase Administration Services, specifically within the EAS Console component. This weakness allows an unauthenticated attacker with network access via HTTP to exploit the system. While the vulnerability specifically impacts Hyperion Essbase Administration Services, successful exploitation could lead to unauthorized access to sensitive data, compromising the integrity of the entire service. Affected versions include 11.1.2.4 and 21.2, highlighting the urgency for users to assess their exposure and implement protective measures as soon as possible.",Oracle,Hyperion Essbase Administration Services,8.6,HIGH,0.004110000096261501,false,,false,false,false,,,false,false,,2021-07-20T22:43:27.000Z,0
CVE-2018-3142,https://securityvulnerability.io/vulnerability/CVE-2018-3142,,"Vulnerability in the Hyperion Essbase Administration Services component of Oracle Hyperion (subcomponent: EAS Console). The supported version that is affected is 11.1.2.4. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Hyperion Essbase Administration Services. While the vulnerability is in Hyperion Essbase Administration Services, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Hyperion Essbase Administration Services accessible data. CVSS 3.0 Base Score 7.7 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N).",Oracle,Hyperion Essbase Administration Services,7.7,HIGH,0.0007900000200606883,false,,false,false,false,,,false,false,,2018-10-17T01:00:00.000Z,0
CVE-2018-3140,https://securityvulnerability.io/vulnerability/CVE-2018-3140,,"Vulnerability in the Hyperion Essbase Administration Services component of Oracle Hyperion (subcomponent: EAS Console). The supported version that is affected is 11.1.2.4. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Hyperion Essbase Administration Services. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Hyperion Essbase Administration Services, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Hyperion Essbase Administration Services accessible data as well as unauthorized read access to a subset of Hyperion Essbase Administration Services accessible data. CVSS 3.0 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N).",Oracle,Hyperion Essbase Administration Services,6.1,MEDIUM,0.0011099999537691474,false,,false,false,false,,,false,false,,2018-10-17T01:00:00.000Z,0
CVE-2018-3141,https://securityvulnerability.io/vulnerability/CVE-2018-3141,,"Vulnerability in the Hyperion Essbase Administration Services component of Oracle Hyperion (subcomponent: EAS Console). The supported version that is affected is 11.1.2.4. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Hyperion Essbase Administration Services. While the vulnerability is in Hyperion Essbase Administration Services, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Hyperion Essbase Administration Services accessible data. CVSS 3.0 Base Score 5.8 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N).",Oracle,Hyperion Essbase Administration Services,5.8,MEDIUM,0.001339999958872795,false,,false,false,false,,,false,false,,2018-10-17T01:00:00.000Z,0