Oracle Essbase 21.4.3.0.0 Security & Provisioning Read-Access Vulnerability
CVE-2023-22010 Published on July 18, 2023
Vulnerability in Oracle Essbase (component: Security and Provisioning). The supported version that is affected is 21.4.3.0.0. Difficult to exploit vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle Essbase. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Essbase accessible data. CVSS 3.1 Base Score 2.2 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:L/I:N/A:N).
Vulnerability Analysis
CVE-2023-22010 is exploitable with network access, and requires user privileges. This vulnerability is consided to have a high level of attack complexity. The potential impact of an exploit of this vulnerability is considered to have a small impact on confidentiality, a small impact on integrity and availability.
Products Associated with CVE-2023-22010
Want to know whenever a new CVE is published for Oracle Essbase? stack.watch will email you.
Affected Versions
Oracle Corporation Hyperion Essbase Version 21.4.3.0.0 is affected by CVE-2023-22010Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.