CVE-2021-2435

Vulnerability in the Essbase Analytic Provider Services product of Oracle Essbase component: JAPI. The supported version that is affected is 11.1.2.4. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Essbase Analytic Provider Services...

CVE-2021-2349

Vulnerability in the Hyperion Essbase Administration Services product of Oracle Essbase component: EAS Console. Supported versions that are affected are 11.1.2.4 and 21.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Hyperion Essbase...

CVE-2021-2350

Vulnerability in the Hyperion Essbase Administration Services product of Oracle Essbase component: EAS Console. Supported versions that are affected are 11.1.2.4 and 21.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Hyperion Essbase...

Oracle Essbase Multiple Vulnerabilities (April 2025 CPU)

The version of Oracle Essbase installed on the remote host is missing a security patch from the April 2025 Critical Patch Update CPU. It is, therefore, affected by: - Vulnerability in Oracle Essbase component: Web Platform OpenSSL. The supported version that is affected is 21.7.1.0.0. Easily...

Vulnerabilities fixed in Oracle Database Products

Oracle has fixed vulnerabilities in several Oracle Database Products and subsystems, including Oracle Server, NoSQL, TimesTen, Secure Backup and Essbase. The vulnerabilities allow unauthenticated malicious actors to cause a Denial-of-Service or gain unauthorized access to sensitive data and...

CVE-2021-35653

Vulnerability in the Essbase Administration Services product of Oracle Essbase component: EAS Console. The supported versions that are affected are Prior to 11.1.2.4.046 and Prior to 21.3. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise...

CVE-2021-35651

Vulnerability in the Essbase Administration Services product of Oracle Essbase component: EAS Console. The supported versions that are affected are Prior to 11.1.2.4.046 and Prior to 21.3. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise...

CVE-2021-35683

Vulnerability in the Oracle Essbase Administration Services product of Oracle Essbase component: EAS Console. The supported version that is affected is Prior to 11.1.2.4.047. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Essbase...

CVE-2021-35652

Vulnerability in the Essbase Administration Services product of Oracle Essbase component: EAS Console. The supported versions that are affected are Prior to 11.1.2.4.046 and Prior to 21.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise...

CVE-2021-35654

Vulnerability in the Essbase Administration Services product of Oracle Essbase component: EAS Console. The supported versions that are affected are Prior to 11.1.2.4.046 and Prior to 21.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise...

Oracle Essbase Multiple Vulnerabilities (October 2024 CPU)

The version of Oracle Essbase installed on the remote host is missing a security patch from the October 2024 Critical Patch Update CPU. It is, therefore, affected by: - Vulnerability in Oracle Essbase component: Essbase Web Platform curl. The supported version that is affected is 21.6. Easily...

Vulnerabilities fixed in Oracle Database products

Oracle has fixed vulnerabilities in several Database products and subsystems, including the Core database, Application Express, Autonomous Health Framework, Essbase, GoldenGate, SQL Developer and Secure Backup. A malicious party can exploit the vulnerabilities to launch attacks that can lead to t...

Oracle Essbase Multiple Vulnerabilities (July 2024 CPU)

The version of Oracle Essbase installed on the remote host is missing a security patch from the July 2024 Critical Patch Update CPU. It is, therefore, affected by: - Vulnerability in Oracle Essbase component: Essbase Web Platform Apache Xerces-C++. The supported version that is affected is 21.5.6...

Vulnerabilities fixed in Oracle Essbase

Vulnerabilities have been fixed in Oracle Essbase. A malicious party can exploit the vulnerabilities to launch attacks that can lead to the following categories of damage: Denial-of-Service DoS. Increased user privileges Oracle has made updates available to fix the vulnerabilities. See the...

Vulnerabilities fixed in Oracle Database products

Oracle has fixed vulnerabilities in several Database Server products. A malicious party can exploit the vulnerabilities to perform attacks that could result in the following categories of damage: Denial-of-Service DoS. Remote code execution User rights Access to sensitive data Access to system da...

Oracle Patch Update, January 2024 Security Update Review

Oracle has released its first quarterly edition of Critical Patch Update, which contains patches for 389 security vulnerabilities. Some of the vulnerabilities addressed in this update impact more than one product. These patches address vulnerabilities in a wide range of product families, includin...

Oracle Essbase Multiple Vulnerabilities (January 2024 CPU)

The version of Oracle Essbase installed on the remote host is missing a security patch from the January 2024 Critical Patch Update CPU. It is, therefore, affected by: - Vulnerability in Oracle Essbase component: Essbase Web Platform OpenSSL. Easily exploitable vulnerability allows unauthenticated...

Oracle Essbase DoS (October 2022 CPU)

The version of Oracle Essbase installed on the remote host is missing a security patch from the October 2023 Critical Patch Update CPU. It is, therefore, affected by: - Vulnerability in Oracle Essbase component: Essbase Web Platform OpenSSL. The supported version that is affected is 21.5.0.0.0...

Vulnerability fixed in Oracle Essbase

A vulnerability has been fixed in Oracle Essbase products. A authenticated malicious party can exploit the vulnerability to cause cause a denial-of-service DoS attack. Oracle has fixed the vulnerability in the following products: - Oracle Essbase...

Oracle Essbase Multiple Vulnerabilities (October 2022 CPU)

The version of Oracle Essbase installed on the remote host is missing a security patch from the October 2022 Critical Patch Update CPU. It is, therefore, affected by multiple vulnerabilities, including: - Vulnerability in Oracle Essbase component: Build cURL. The supported version that is affecte...