• Services
    • Assess
      • Compromise Assessment
      • APT Assessment
      • Penetration Testing
      • Secure Architecture Design & Review
      • Red Team Assessment
      • Purple Team Assessment
      • Social Engineering
      • Source Code Review
    • Transform
      • SOC Consultancy
      •     SOC Maturity Assessment
      •     SOC Model Evaluation
      •     SOC Gap Analysis
      •     SIEM Gap Analysis
      •     SIEM Optimization
      •     SOC Content Pack
    • Train
      • Security Awareness and Training
      • Tabletop Exercise
      • Simulated Cyber Attack Exercises
    • Respond
      • Incident Response
      • Incident Analysis
  • Managed Security
    • Managed Security Monitoring
      • Remote SOC
      • Onsite SOC
      • Hybrid SOC
    • Managed Security Services
      • Managed Detection and Response
      • Managed Endpoint Detection and Response
      • Managed Threat Intelligence
      • Managed Threat Hunting
      • Managed Risk-Based SOAR
      • Managed Penetration Testing
  • Solutions
  • Resources
    • Blog
    • Press Release
    • Threat Advisory
  • Company
    • About Us
    • Careers
    • Contact
Rewterz Threat Advisory – Multiple Oracle MySQL Vulnerabilities
October 21, 2021
Rewterz Threat Advisory – Multiple Google Chrome Vulnerabilities
October 21, 2021

Rewterz Threat Advisory – Multiple Oracle Essbase Administration Server Vulnerabilities

October 21, 2021

Severity

Medium

Analysis Summary

CVE-2021-35655 

An unspecified vulnerability in Oracle Essbase Administration Services related to the EAS Console component could allow an unauthenticated attacker to obtain sensitive information resulting in a low confidentiality impact using unknown attack vectors.

CVE-2021-35654 

An unspecified vulnerability in Oracle Essbase Administration Services related to the EAS Console component could allow an unauthenticated attacker to cause a denial of service resulting in a high availability impact using unknown attack vectors.

CVE-2021-35653 

An unspecified vulnerability in Oracle Essbase Administration Services related to the EAS Console component could allow an authenticated attacker to obtain sensitive information resulting in a high confidentiality impact using unknown attack vectors.

CVE-2021-35652 

An unspecified vulnerability in Essbase Administration Services related to the EAS Console component could allow an unauthenticated attacker to take control of the system.

CVE-2021-35651 

An unspecified vulnerability in Oracle Essbase Administration Services related to the EAS Console component could allow an authenticated attacker to cause high confidentiality impact, low integrity impact, and no availability impact.

Impact

  • Information Disclosure
  • Denial of Service
  • Unauthorized Access

Affected Vendors

Oracle

Affected Products

  • Oracle Essbase Administration Services 11.1.2.4.046

Remediation

Refer to Oracle Critical Patch Update Advisory for patch, upgrade, or suggested workaround information.

https://www.oracle.com/security-alerts/cpuoct2021.html
  • Services
    • Assess
      • Compromise Assessment
      • APT Assessment
      • Penetration Testing
      • Secure Architecture Design & Review
      • Red Team Assessment
      • Purple Team Assessment
      • Social Engineering
      • Source Code Review
    • Respond
      • Incident Response
      • Incident Analysis
  • Transform
    • SOC Consultancy
    •     SOC Maturity Assessment
    •     SOC Model Evaluation
    •     SOC Gap Analysis
    •     SIEM Gap Analysis
    •     SIEM Optimization
    •     SOC Content Pack
  • Train
    • Security Awareness and Training
    • Tabletop Exercise
    • Simulated Cyber Attack Exercises
  • Managed Security
    • Managed Security Monitoring
      • Remote SOC
      • Onsite SOC
      • Hybrid SOC
    • Managed Security Services
      • Managed Detection and Response
      • Managed Endpoint Detection and Response
      • Managed Threat Intelligence
      • Managed Threat Hunting
      • Managed Risk-Based SOAR
      • Managed Penetration Testing
  • Solutions
  • Resources
    • Blog
    • Threat Advisory
  • Company
    • About Us
    • Careers
    • Contact
COPYRIGHT © REWTERZ. ALL RIGHTS RESERVED.