This page covers CVE-2021-35655, which affects Oracle Corporation's Hyperion Essbase Administration Services: its impact, technical details, and mitigation steps.
A vulnerability has been identified in the Essbase Administration Services product of Oracle Essbase. Attackers can exploit this vulnerability to compromise Essbase Administration Services, leading to unauthorized access to sensitive data.
Understanding CVE-2021-35655
This CVE affects the Hyperion Essbase Administration Services by Oracle Corporation.
What is CVE-2021-35655?
The vulnerability in the EAS Console component of Oracle Essbase allows unauthenticated attackers with network access via HTTP to compromise Essbase Administration Services. Successful exploitation grants unauthorized read access to specified data.
The Impact of CVE-2021-35655
The vulnerability has a CVSS 3.1 Base Score of 5.3, which is medium severity. The confidentiality impact is low and there is no integrity impact.
Technical Details of CVE-2021-35655
This section covers the vulnerability description, the affected systems and versions, and the exploitation mechanism.
Vulnerability Description
The vulnerability allows unauthenticated attackers to compromise Essbase Administration Services, resulting in unauthorized access to specific data.
Affected Systems and Versions
The vulnerability affects Hyperion Essbase Administration Services versions prior to 11.1.2.4.046 and prior to 21.3.
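A version check for the thresholds above, as an added example (not Oracle's code or tooling): it compares dotted versions numerically, so components such as `046` and trailing zeros as in `21.3.0.0` are handled correctly. The inventory format, the host names and the rule that the major version selects the threshold are assumptions.

```python
import re

# Thresholds from the advisory text: releases prior to 11.1.2.4.046 (11.x train)
# and prior to 21.3 (21.x train) are affected.
# Assumption: the major version number selects which threshold applies.
FIXED = {11: (11, 1, 2, 4, 46), 21: (21, 3)}


def parse_version(text):
    """Turn '11.1.2.4.046' into (11, 1, 2, 4, 46); return None if malformed."""
    if not re.fullmatch(r"\d+(\.\d+)*", text.strip()):
        return None
    return tuple(int(part) for part in text.strip().split("."))


def classify(version_text):
    """Return 'affected', 'fixed' or 'unknown' for one version string."""
    version = parse_version(version_text)
    if version is None or version[0] not in FIXED:
        return "unknown"  # malformed, or a release train the advisory does not name
    fixed = FIXED[version[0]]
    # Zero-pad to equal length so 21.3 and 21.3.0.0 compare as the same release.
    width = max(len(version), len(fixed))
    version += (0,) * (width - len(version))
    fixed += (0,) * (width - len(fixed))
    return "affected" if version < fixed else "fixed"


def triage(inventory):
    """Map each 'host version' inventory line to its classification."""
    results = {}
    for line in inventory.splitlines():
        fields = line.split()
        if len(fields) == 2:  # skip blank or malformed lines
            results[fields[0]] = classify(fields[1])
    return results


# Constructed sample inventory: hypothetical hosts and version strings.
SAMPLE = """
eas-01 11.1.2.4.045
eas-02 11.1.2.4.046
eas-03 21.2.1.0
eas-04 21.3.0.0
eas-05 11.1.2.4.46b
"""

if __name__ == "__main__":
    for host, status in triage(SAMPLE).items():
        print(f"{host}\t{status}")
```

Hosts reported as `unknown` need manual review rather than being treated as fixed.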
Exploitation Mechanism
Attackers exploit this vulnerability over the network via HTTP, without authentication, to compromise Essbase Administration Services.
Mitigation and Prevention
To address CVE-2021-35655, immediate steps and long-term security practices should be followed. Regular patching and updates are essential.
Immediate Steps to Take
Long-Term Security Practices
Patching and Updates
Stay informed about security alerts and apply patches promptly.