CVE-2023-21943: 
Oracle Essbase vulnerability analysis and mitigation

Vulnerability in Oracle Essbase (component: Security and Provisioning) affecting version 21.4. This vulnerability allows unauthenticated attackers with network access via HTTP to compromise Oracle Essbase. The vulnerability requires human interaction from a person other than the attacker for successful exploitation (Oracle CPU).

The vulnerability has been assigned a CVSS 3.1 Base Score of 5.3 (Medium) with the vector string: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N. The scoring indicates that while the vulnerability is network-accessible, it is difficult to exploit and requires user interaction. The primary impact is on confidentiality, with potential unauthorized access to critical data (Oracle CPU, NVD).

Successful exploitation of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Essbase accessible data. The vulnerability specifically impacts the confidentiality of the system, while integrity and availability remain unaffected (Oracle CPU).

Oracle has addressed this vulnerability in the April 2023 Critical Patch Update. Oracle strongly recommends that customers apply Critical Patch Update security patches as soon as possible due to the threat posed by successful attacks (Oracle CPU).