CVE-2021-2349

8.6 HIGH

📋 TL;DR

This vulnerability in Oracle Hyperion Essbase Administration Services allows unauthenticated attackers to remotely access sensitive data via HTTP. It affects versions 11.1.2.4 and 21.2, potentially compromising critical business intelligence data stored in Essbase systems.

💻 Affected Systems

Products:
  • Oracle Hyperion Essbase Administration Services
Versions: 11.1.2.4 and 21.2
Operating Systems: All supported platforms for Oracle Essbase
Default Config Vulnerable: ⚠️ Yes
Notes: The vulnerability exists in the EAS Console component and affects both listed versions. Attacks may impact additional products connected to Essbase.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete compromise of all data accessible through Hyperion Essbase Administration Services, including sensitive business intelligence, financial data, and potentially credentials for connected systems.

🟠 Likely Case

Unauthorized access to confidential business data, financial reports, and analytical information stored in Essbase databases.

🟢 If Mitigated

Limited impact if proper network segmentation and access controls prevent unauthenticated HTTP access to the administration console.

🌐 Internet-Facing: HIGH
🏢 Internal Only: HIGH

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

The CVSS vector indicates network access via HTTP with no authentication required and low attack complexity, making exploitation straightforward.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Apply patches from Oracle Critical Patch Update July 2021

Vendor Advisory: https://www.oracle.com/security-alerts/cpujul2021.html

Restart Required: Yes

Instructions:

1. Download the appropriate patch from My Oracle Support.
2. Apply the patch following Oracle's Essbase patching procedures.
3. Restart the Essbase Administration Services.
4. Verify the patch was successfully applied.

🔧 Temporary Workarounds

Network Access Restriction

Restrict network access to Essbase Administration Services to trusted IP addresses only. Use firewall rules to allow only authorized IPs to reach port 13080 (the default EAS port).

Authentication Enforcement

Place an additional authentication layer in front of the EAS console: configure a reverse proxy that requires authentication, or enforce network-level authentication.

🧯 If You Can't Patch

  • Isolate Essbase Administration Services in a separate network segment with strict access controls
  • Implement network monitoring and intrusion detection specifically for EAS console traffic

🔍 How to Verify

Check if Vulnerable:

Check whether the host is running Oracle Hyperion Essbase Administration Services version 11.1.2.4 or 21.2.

Check Version:

Check the Essbase version through the EAS console or examine the installation logs.

Verify Fix Applied:

Verify patch application through the Oracle OPatch utility and confirm the installed version is no longer one of the affected versions.

📡 Detection & Monitoring

Log Indicators:

  • Unauthenticated access attempts to EAS console
  • Unusual data access patterns from unexpected IP addresses

Network Indicators:

  • HTTP requests to EAS console port from unauthorized sources
  • Unusual data extraction patterns

SIEM Query:

source_ip NOT IN (trusted_ips) AND dest_port=13080 AND protocol=HTTP
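The SIEM query above translated into runnable detection logic over constructed flow records, as an added example that is not part of the original advisory. It flags HTTP traffic to the default EAS port (13080) from sources outside a trusted allowlist and, for the "unusual data extraction" indicator, sources whose outbound byte total exceeds a threshold; the trusted ranges, record format and 10 MB threshold are assumptions.

```python
import ipaddress
from collections import defaultdict

# Default EAS console port named in the advisory; trusted ranges are constructed placeholders.
EAS_PORT = 13080
TRUSTED_NETS = [ipaddress.ip_network(n) for n in ("10.20.0.0/16", "192.168.50.0/24")]

# Constructed sample flow records: src_ip dest_ip dest_port protocol bytes_out
SAMPLE_FLOWS = """\
10.20.3.7 10.20.9.1 13080 HTTP 2048
198.51.100.23 10.20.9.1 13080 HTTP 512
198.51.100.23 10.20.9.1 13080 HTTP 40960000
192.168.50.12 10.20.9.1 13080 HTTP 1024
203.0.113.5 10.20.9.1 443 HTTPS 300
203.0.113.5 10.20.9.1 13080 HTTP 128
"""

def is_trusted(ip):
    """True if ip falls inside any trusted CIDR range (IPv4 or IPv6)."""
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in TRUSTED_NETS)

def parse_flows(text):
    """Parse whitespace-separated flow records into dicts, skipping blank lines."""
    flows = []
    for line in text.splitlines():
        if not line.strip():
            continue
        src, dst, port, proto, nbytes = line.split()
        flows.append({"src_ip": src, "dest_ip": dst, "dest_port": int(port),
                      "protocol": proto, "bytes_out": int(nbytes)})
    return flows

def detect(flows, port=EAS_PORT, bytes_threshold=10_000_000):
    """Apply the advisory's SIEM logic: untrusted sources reaching the EAS port over HTTP,
    plus per-source outbound volume above bytes_threshold as an extraction indicator."""
    untrusted = set()
    out_by_src = defaultdict(int)
    for f in flows:
        if f["dest_port"] != port or f["protocol"] != "HTTP":
            continue                      # only EAS console HTTP traffic is in scope
        out_by_src[f["src_ip"]] += f["bytes_out"]
        if not is_trusted(f["src_ip"]):
            untrusted.add(f["src_ip"])
    high_volume = sorted(s for s, total in out_by_src.items() if total >= bytes_threshold)
    return {"untrusted_sources": sorted(untrusted), "high_volume_sources": high_volume}

if __name__ == "__main__":
    print(detect(parse_flows(SAMPLE_FLOWS)))
```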
