Vulnerability in the Hyperion Analytic Provider Services product of Oracle Hyperion (component: JAPI) and Essbase Analytic Provider Services product of Oracle Essbase (component: JAPI). Supported versions that are affected are Hyperion Analytic Provider Services 11.1.2.4 and 12.2.1.4, and Essbase Analytic Provider Services 21.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Hyperion Analytic Provider Services. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Hyperion Analytic Provider Services, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Hyperion Analytic Provider Services. CVSS 3.1 Base Score 10.0 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H).
Conclusion & alert: CVE-2021-2244 is rated High Risk (65.9/100): CVSS Critical severity, with medium exploitation likelihood (EPSS 1.75%). Mandatory action: High exploitation likelihood—assess exposure and prioritize remediation.
Risk is dynamic; we continuously reassess and refresh what is shown on this page as upstream context changes.
EPSS lead: Daily EPSS estimates relative likelihood of exploitation; percentile ranks this CVE among scored vulnerabilities (higher = more severe relative rank).
| # | Date | Old EPSS score | New EPSS score | Delta (New - Old) |
|---|---|---|---|---|
| 1 | 2026-06-15 | 2.07% | 1.75% | -0.32% |
| 2 | 2025-03-30 | 5.18% | 2.07% | -3.12% |
| 3 | 2025-03-29 | — | 5.18% | — |
Full EPSS history (25 records total)
CVSS metrics for this CVE.
| Base score | Version | Severity | Vector | Exploitability | Impact | Score source |
|---|---|---|---|---|---|---|
| 10.0 | 3.1 | CRITICAL |
|
3.9 | 6.0 | [email protected] |
| 7.5 | 2.0 | HIGH |
|
10.0 | 6.4 | [email protected] |
| Vendor | Product | Version | Raw CPE |
|---|---|---|---|
| oracle | essbase_analytic_provider_services | 21.2 | cpe:2.3:a:oracle:essbase_analytic_provider_services:21.2:*:*:*:*:*:*:* |
| oracle | hyperion_analytic_provider_services | 11.1.2.4 | cpe:2.3:a:oracle:hyperion_analytic_provider_services:11.1.2.4:*:*:*:*:*:*:* |
| oracle | hyperion_analytic_provider_services | 12.2.1.4 | cpe:2.3:a:oracle:hyperion_analytic_provider_services:12.2.1.4:*:*:*:*:*:*:* |
| URL | Tags |
|---|---|
| https://www.oracle.com/security-alerts/cpuapr2021.html | Patch Vendor Advisory |
| https://www.oracle.com/security-alerts/cpujul2021.html | Vendor Advisory |