Oracle Essbase 21.3 Security/Provisioning unknown vulnerability

A vulnerability was found in Oracle Essbase 21.3. It has been rated as critical. Affected by this issue is an unknown part of the component Security/Provisioning. Upgrading eliminates this vulnerability. A possible mitigation has been published immediately after the disclosure of the vulnerability.

Field07/20/2022 08:15 AM08/06/2022 04:14 PM08/06/2022 04:20 PM
vendorOracleOracleOracle
nameEssbaseEssbaseEssbase
cveCVE-2022-21508CVE-2022-21508CVE-2022-21508
componentSecurity/ProvisioningSecurity/ProvisioningSecurity/Provisioning
risk222
cvss3_vuldb_avLLL
cvss3_vuldb_acLLL
cvss3_vuldb_prHHH
cvss3_vuldb_uiRRR
cvss3_vuldb_sUUU
cvss3_vuldb_cHHH
cvss3_vuldb_iHHH
cvss3_vuldb_aNNN
version21.321.321.3
cvss3_vuldb_rcCCC
cvss3_vuldb_rlOOO
urlhttps://www.oracle.com/security-alerts/cpujul2022.htmlhttps://www.oracle.com/security-alerts/cpujul2022.htmlhttps://www.oracle.com/security-alerts/cpujul2022.html
date1658181600 (07/19/2022)1658181600 (07/19/2022)1658181600 (07/19/2022)
identifierOracle Critical Patch Update Advisory - July 2022Oracle Critical Patch Update Advisory - July 2022Oracle Critical Patch Update Advisory - July 2022
date1658181600 (07/19/2022)1658181600 (07/19/2022)1658181600 (07/19/2022)
nameUpgradeUpgradeUpgrade
cvss2_vuldb_avLLL
cvss2_vuldb_acLLL
cvss2_vuldb_auMMM
cvss2_vuldb_ciCCC
cvss2_vuldb_iiCCC
cvss2_vuldb_aiNNN
cvss2_vuldb_rcCCC
cvss2_vuldb_rlOFOFOF
cvss2_vuldb_eNDNDND
cvss3_vuldb_eXXX
cvss2_vuldb_basescore5.95.95.9
cvss2_vuldb_tempscore5.15.15.1
cvss3_vuldb_basescore5.85.85.8
cvss3_vuldb_tempscore5.65.65.6
cvss3_meta_basescore5.85.85.8
cvss3_meta_tempscore5.65.65.7
price_0day$5k-$25k$5k-$25k$5k-$25k
cve_assigned1636930800 (11/15/2021)1636930800 (11/15/2021)
cve_nvd_summaryVulnerability in Oracle Essbase (component: Security and Provisioning). The supported version that is affected is 21.3. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle Essbase executes to compromise Oracle Essbase. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Essbase accessible data as well as unauthorized access to critical data or complete access to all Oracle Essbase accessible data. CVSS 3.1 Base Score 5.8 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:N).Vulnerability in Oracle Essbase (component: Security and Provisioning). The supported version that is affected is 21.3. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle Essbase executes to compromise Oracle Essbase. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Essbase accessible data as well as unauthorized access to critical data or complete access to all Oracle Essbase accessible data. CVSS 3.1 Base Score 5.8 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:N).
cvss3_cna_avL
cvss3_cna_acL
cvss3_cna_prH
cvss3_cna_uiR
cvss3_cna_sU
cvss3_cna_cH
cvss3_cna_iH
cvss3_cna_aN
cve_cnaOracle
cvss3_cna_basescore5.8

Interested in the pricing of exploits?

See the underground prices here!