CVE-2021-2435

HIGH

Oracle Essbase 11.1.2.4 - Info Disclosure

Title source: llm

Description

Vulnerability in the Essbase Analytic Provider Services product of Oracle Essbase (component: JAPI). The supported version that is affected is 11.1.2.4. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Essbase Analytic Provider Services. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Essbase Analytic Provider Services accessible data as well as unauthorized access to critical data or complete access to all Essbase Analytic Provider Services accessible data. CVSS 3.1 Base Score 8.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N).

References (1)

Core 1

Core References

Vendor Advisory x_refsource_misc

https://www.oracle.com/security-alerts/cpujul2021.html

Scores

CVSS v3 8.1

EPSS 0.0182

EPSS Percentile 83.1%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact total

Details

Status published

Products (1)

oracle/essbase_analytic_provider_services 11.1.2.4

Published Jul 21, 2021

Tracked Since Feb 18, 2026