Oracle Essbase
23 CVEs affecting Oracle Essbase. Latest disclosed: 2025-10-21. Critical: 1, High: 7.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2021-3711 | Critical | 9.8 | 2021-08-24 | In order to decrypt SM2 encrypted data an application is expected to call the API function EVP_PKEY_decrypt(). Typically an application will call this function… |
CVE-2025-61763 | High | 8.1 | 2025-10-21 | Vulnerability in Oracle Essbase (component: Essbase Web Platform). The supported version that is affected is 21.7.3.0.0. Easily exploitable vulnerability all… |
CVE-2021-22901 | High | 8.1 | 2021-06-11 | curl 7.75.0 through 7.76.1 suffers from a use-after-free vulnerability resulting in already freed memory being used when a TLS 1.3 session ticket arrives over… |
CVE-2021-20718 | High | 7.5 | 2021-05-20 | mod_auth_openidc 2.4.0 to 2.4.7 allows a remote attacker to cause a denial-of-service (DoS) condition via unspecified vectors. |
CVE-2020-8286 | High | 7.5 | 2020-12-14 | curl 7.41.0 through 7.73.0 is vulnerable to an improper check for certificate revocation due to insufficient verification of the OCSP response. |
CVE-2020-8285 | High | 7.5 | 2020-12-14 | curl 7.21.0 to and including 7.73.0 is vulnerable to uncontrolled recursion due to a stack overflow issue in FTP wildcard match parsing. |
CVE-2019-12402 | High | 7.5 | 2019-08-30 | The file name encoding algorithm used internally in Apache Commons Compress 1.15 to 1.18 can get into an infinite loop when faced with specially crafted inputs… |
CVE-2021-3712 | High | 7.4 | 2021-08-24 | ASN.1 strings are represented internally within OpenSSL as an ASN1_STRING structure which contains a buffer holding the string data and a field holding the buf… |
CVE-2019-10219 | Medium | 6.1 | 2019-11-08 | A vulnerability was found in Hibernate-Validator. The SafeHtml validator annotation fails to properly sanitize payloads consisting of potentially malicious cod… |
CVE-2021-3449 | Medium | 5.9 | 2021-03-25 | An OpenSSL TLS server may crash if sent a maliciously crafted renegotiation ClientHello message from a client. If a TLSv1.2 renegotiation ClientHello omits the… |
CVE-2021-23841 | Medium | 5.9 | 2021-02-16 | The OpenSSL public API function X509_issuer_and_serial_hash() attempts to create a unique hash value based on the issuer and serial number data contained withi… |
CVE-2020-1971 | Medium | 5.9 | 2020-12-08 | The X.509 GeneralName type is a generic type for representing different types of names. One of those name types is known as EDIPartyName. OpenSSL provides a fu… |
CVE-2022-21508 | Medium | 5.8 | 2022-07-19 | Vulnerability in Oracle Essbase (component: Security and Provisioning). The supported version that is affected is 21.3. Easily exploitable vulnerability allows… |
CVE-2023-21944 | Medium | 5.3 | 2023-04-18 | Vulnerability in Oracle Essbase (component: Security and Provisioning). The supported version that is affected is 21.4. Difficult to exploit vulnerability al… |
CVE-2023-21943 | Medium | 5.3 | 2023-04-18 | Vulnerability in Oracle Essbase (component: Security and Provisioning). The supported version that is affected is 21.4. Difficult to exploit vulnerability al… |
CVE-2023-21942 | Medium | 5.3 | 2023-04-18 | Vulnerability in Oracle Essbase (component: Security and Provisioning). The supported version that is affected is 21.4. Difficult to exploit vulnerability al… |
CVE-2021-22897 | Medium | 5.3 | 2021-06-11 | curl 7.61.0 through 7.76.1 suffers from exposure of data element to wrong session due to a mistake in the code for CURLOPT_SSL_CIPHER_LIST when libcurl is buil… |
CVE-2021-22876 | Medium | 5.3 | 2021-04-01 | curl 7.1.1 to and including 7.75.0 is vulnerable to an "Exposure of Private Personal Information to an Unauthorized Actor" by leaking credentials in the HTTP R… |
CVE-2020-7760 | Medium | 5.3 | 2020-10-30 | This affects the package codemirror before 5.58.2; the package org.apache.marmotta.webjars:codemirror before 5.58.2. The vulnerable regular expression is locat… |
CVE-2021-22890 | Low | 3.7 | 2021-04-01 | curl 7.63.0 to and including 7.75.0 includes vulnerability that allows a malicious HTTPS proxy to MITM a connection due to bad handling of TLS 1.3 session tick… |