Main Vulnerability Database Vulnerabilities #VU78392

#VU78392 Improper input validation in Essbase Administration Services - CVE-2023-21961

Published: July 19, 2023

Vulnerability identifier: #VU78392

Vulnerability risk: Low

CVSSv4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:N/SC:H/SI:N/SA:N/E:U/U:Clear

CVE-ID: CVE-2023-21961

CWE-ID: CWE-20

Exploitation vector: Local access

Exploit availability: No public exploit available

Vulnerable software:
Essbase Administration Services

Software vendor:
Oracle

Description

The vulnerability allows a local privileged user to gain access to sensitive information.

The vulnerability exists due to improper input validation within the EAS Administration and EAS Console component in Oracle Hyperion Essbase Administration Services. A local privileged user can exploit this vulnerability to gain access to sensitive information.

Remediation

Install updates from vendor's website.

External links

https://www.oracle.com/security-alerts/cpujul2023.html