Description
An issue was discovered in Illumos in Nexenta NexentaStor 4.0.5 and 5.1.2, and other products. The SMB server allows an attacker to have unintended access, e.g., an attacker with WRITE_XATTR can change permissions. This occurs because of a combination of three factors: ZFS extended attributes are used to implement NT named streams, the SMB protocol requires implementations to have open handle semantics similar to those of NTFS, and the SMB server passes along certain attribute requests to the underlying object (i.e., they are not considered to be requests that pertain to the named stream).
Affected Software
Related
{"id": "CVE-2019-9579", "vendorId": null, "type": "cve", "bulletinFamily": "NVD", "title": "CVE-2019-9579", "description": "An issue was discovered in Illumos in Nexenta NexentaStor 4.0.5 and 5.1.2, and other products. The SMB server allows an attacker to have unintended access, e.g., an attacker with WRITE_XATTR can change permissions. This occurs because of a combination of three factors: ZFS extended attributes are used to implement NT named streams, the SMB protocol requires implementations to have open handle semantics similar to those of NTFS, and the SMB server passes along certain attribute requests to the underlying object (i.e., they are not considered to be requests that pertain to the named stream).", "published": "2022-12-26T20:15:00", "modified": "2023-01-05T19:36:00", "cvss": {"score": 0.0, "vector": "NONE"}, "cvss2": {}, "cvss3": {"cvssV3": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "NONE", "baseScore": 8.1, "baseSeverity": "HIGH"}, "exploitabilityScore": 2.8, "impactScore": 5.2}, "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-9579", "reporter": "cve@mitre.org", "references": ["https://www.oracle.com/security-alerts/cpuapr2020.html", "https://www.illumos.org/issues/10506"], "cvelist": ["CVE-2019-9579"], "immutableFields": [], "lastseen": "2023-02-09T14:58:48", "viewCount": 18, "enchantments": {"dependencies": {"references": [{"type": "nessus", "idList": ["SOLARIS_JAN2020_SRU11_4_15_5_0.NASL"]}, {"type": "oracle", "idList": ["ORACLE:CPUAPR2020", "ORACLE:CPUJAN2020"]}], "rev": 4}, "score": {"value": 3.3, "vector": "NONE"}, "epss": [{"cve": "CVE-2019-9579", "epss": "0.000480000", "percentile": "0.149370000", "modified": "2023-03-18"}], "vulnersScore": 3.3}, "_state": {"dependencies": 1675960477, "score": 1675958347, "affected_software_major_version": 1677362209, "epss": 1679179052}, "_internal": {"score_hash": "3562759d79509919770032a274e2e8e2"}, "cna_cvss": {"cna": null, "cvss": {}}, "cpe": ["cpe:/a:oracle:solaris:11", "cpe:/a:illumos:illumos:-"], "cpe23": ["cpe:2.3:a:illumos:illumos:-:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:solaris:11:*:*:*:*:*:*:*"], "cwe": ["NVD-CWE-Other"], "affectedSoftware": [{"cpeName": "illumos:illumos", "version": "-", "operator": "eq", "name": "illumos"}, {"cpeName": "oracle:solaris", "version": "11", "operator": "eq", "name": "oracle solaris"}], "affectedConfiguration": [{"name": "nexenta nexentastor", "cpeName": "nexenta:nexentastor", "version": "4.0.5", "operator": "eq"}, {"name": "nexenta nexentastor", "cpeName": "nexenta:nexentastor", "version": "5.1.2", "operator": "eq"}], "cpeConfiguration": {"CVE_data_version": "4.0", "nodes": [{"operator": "AND", "children": [{"operator": "OR", "children": [], "cpe_match": [{"vulnerable": true, "cpe23Uri": "cpe:2.3:a:illumos:illumos:-:*:*:*:*:*:*:*", "cpe_name": []}]}, {"operator": "OR", "children": [], "cpe_match": [{"vulnerable": false, "cpe23Uri": "cpe:2.3:a:nexenta:nexentastor:4.0.5:*:*:*:*:*:*:*", "cpe_name": []}, {"vulnerable": false, "cpe23Uri": "cpe:2.3:a:nexenta:nexentastor:5.1.2:*:*:*:*:*:*:*", "cpe_name": []}]}], "cpe_match": []}, {"operator": "OR", "children": [], "cpe_match": [{"vulnerable": true, "cpe23Uri": "cpe:2.3:a:oracle:solaris:11:*:*:*:*:*:*:*", "cpe_name": []}]}]}, "extraReferences": [{"url": "https://www.oracle.com/security-alerts/cpuapr2020.html", "name": "https://www.oracle.com/security-alerts/cpuapr2020.html", "refsource": "MISC", "tags": ["Patch", "Third Party Advisory"]}, {"url": "https://www.illumos.org/issues/10506", "name": "https://www.illumos.org/issues/10506", "refsource": "MISC", "tags": ["Mitigation", "Patch", "Vendor Advisory"]}], "product_info": [{"vendor": "Oracle", "product": "Solaris"}, {"vendor": "Illumos", "product": "Illumos"}]}
{"nessus": [{"lastseen": "2023-02-28T14:54:41", "description": "This Solaris system is missing necessary patches to address critical security updates :\n\n - Vulnerability in the Oracle Solaris product of Oracle Systems (component: SMB Server). The supported version that is affected is 11. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Solaris executes to compromise Oracle Solaris. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Solaris accessible data. (CVE-2019-9579)\n\n - Vulnerability in the Oracle Solaris product of Oracle Systems (component: Kernel). Supported versions that are affected are 10 and 11. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Solaris executes to compromise Oracle Solaris. Successful attacks require human interaction from a person other than the attacker.\n Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Solaris.\n (CVE-2020-2647)", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 8.1, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.2}, "published": "2020-01-16T00:00:00", "type": "nessus", "title": "Oracle Solaris Critical Patch Update : jan2020_SRU11_4_15_5_0", "bulletinFamily": "scanner", "cvss2": {"severity": "LOW", "exploitabilityScore": 3.4, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 1.9, "vectorString": "AV:L/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-9579", "CVE-2020-2647"], "modified": "2023-01-11T00:00:00", "cpe": ["cpe:/o:oracle:solaris"], "id": "SOLARIS_JAN2020_SRU11_4_15_5_0.NASL", "href": "https://www.tenable.com/plugins/nessus/132996", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from the Oracle CPU for jan2020.\n#\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(132996);\n script_version(\"1.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/01/11\");\n\n script_cve_id(\"CVE-2019-9579\", \"CVE-2020-2647\");\n script_xref(name:\"IAVA\", value:\"2020-A-0018-S\");\n\n script_name(english:\"Oracle Solaris Critical Patch Update : jan2020_SRU11_4_15_5_0\");\n script_summary(english:\"Check for the jan2020 CPU\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\n\"The remote Solaris system is missing a security patch from CPU\njan2020.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"This Solaris system is missing necessary patches to address critical\nsecurity updates :\n\n - Vulnerability in the Oracle Solaris product of Oracle\n Systems (component: SMB Server). The supported version\n that is affected is 11. Easily exploitable vulnerability\n allows low privileged attacker with logon to the\n infrastructure where Oracle Solaris executes to\n compromise Oracle Solaris. Successful attacks of this\n vulnerability can result in unauthorized update, insert\n or delete access to some of Oracle Solaris accessible\n data. (CVE-2019-9579)\n\n - Vulnerability in the Oracle Solaris product of Oracle\n Systems (component: Kernel). Supported versions that are\n affected are 10 and 11. Easily exploitable vulnerability\n allows low privileged attacker with logon to the\n infrastructure where Oracle Solaris executes to\n compromise Oracle Solaris. Successful attacks require\n human interaction from a person other than the attacker.\n Successful attacks of this vulnerability can result in\n unauthorized ability to cause a hang or frequently\n repeatable crash (complete DOS) of Oracle Solaris.\n (CVE-2020-2647)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://support.oracle.com/epmos/faces/DocumentDisplay?id=2623333.1\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.oracle.com/a/tech/docs/cpujan2020cvrf.xml\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.oracle.com/security-alerts/cpujan2020.html\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\"Install the jan2020 CPU from the Oracle support website.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-2647\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:solaris\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/01/15\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/01/15\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/01/16\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2020-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Solaris Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Solaris11/release\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"solaris.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Solaris11/release\");\nif (isnull(release)) audit(AUDIT_OS_NOT, \"Solaris11\");\n\n\nfix_release = \"11.4-11.4.15.0.1.5.0\";\n\nflag = 0;\n\nif (solaris_check_release(release:\"11.4-11.4.15.0.1.5.0\", sru:\"11.4.15.5.0\") > 0) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_note(port:0, extra:solaris_get_report2());\n else security_note(0);\n exit(0);\n}\naudit(AUDIT_OS_RELEASE_NOT, \"Solaris\", fix_release, release);\n", "cvss": {"score": 1.9, "vector": "AV:L/AC:M/Au:N/C:N/I:N/A:P"}}], "oracle": [{"lastseen": "2022-10-24T19:59:02", "description": "A Critical Patch Update is a collection of patches for multiple security vulnerabilities. These patches are usually cumulative, but each advisory describes only the security patches added since the previous Critical Patch Update advisory. Thus, prior Critical Patch Update advisories should be reviewed for information regarding earlier published security patches. Please refer to:\n\n * [Critical Patch Updates, Security Alerts and Bulletins](<https://www.oracle.com/security-alerts>) for information about Oracle Security Advisories.\n\n**Oracle continues to periodically receive reports of attempts to maliciously exploit vulnerabilities for which Oracle has already released security patches. In some instances, it has been reported that attackers have been successful because targeted customers had failed to apply available Oracle patches. Oracle therefore strongly recommends that customers remain on actively-supported versions and apply Critical Patch Update security patches without delay.**\n\nThis Critical Patch Update contains 334 new security patches across the product families listed below. Please note that an MOS note summarizing the content of this Critical Patch Update and other Oracle Software Security Assurance activities is located at [ January 2020 Critical Patch Update: Executive Summary and Analysis](<https://support.oracle.com/rs?type=doc&id=2627487.1>).\n", "cvss3": {"exploitabilityScore": 3.1, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "LOW", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 9.9, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:L", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 6.0}, "published": "2020-01-14T00:00:00", "type": "oracle", "title": "Oracle Critical Patch Update Advisory - January 2020", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2012-1695", "CVE-2012-3135", "CVE-2014-3004", "CVE-2014-3596", "CVE-2015-9251", "CVE-2016-0701", "CVE-2016-1000031", "CVE-2016-1181", "CVE-2016-1182", "CVE-2016-2183", "CVE-2016-4000", "CVE-2016-5019", "CVE-2016-6306", "CVE-2016-6814", "CVE-2016-8610", "CVE-2017-1000376", "CVE-2017-12626", "CVE-2017-14735", "CVE-2017-15708", "CVE-2017-15906", "CVE-2017-5645", "CVE-2018-0734", "CVE-2018-0735", "CVE-2018-1000030", "CVE-2018-1060", "CVE-2018-11039", "CVE-2018-11040", "CVE-2018-11054", "CVE-2018-11055", "CVE-2018-11056", "CVE-2018-11057", "CVE-2018-11058", "CVE-2018-11307", "CVE-2018-11759", "CVE-2018-11784", "CVE-2018-1257", "CVE-2018-1258", "CVE-2018-14718", "CVE-2018-15473", "CVE-2018-15756", "CVE-2018-15769", "CVE-2018-16395", "CVE-2018-17189", "CVE-2018-19362", "CVE-2018-20684", "CVE-2018-5407", "CVE-2018-6829", "CVE-2018-8032", "CVE-2018-8039", "CVE-2019-0199", "CVE-2019-0215", "CVE-2019-0221", "CVE-2019-0227", "CVE-2019-0232", "CVE-2019-10072", "CVE-2019-10086", "CVE-2019-10088", "CVE-2019-10092", "CVE-2019-10093", "CVE-2019-10094", "CVE-2019-10098", "CVE-2019-10246", "CVE-2019-10247", "CVE-2019-11358", "CVE-2019-11477", "CVE-2019-11478", "CVE-2019-11479", "CVE-2019-12086", "CVE-2019-12384", "CVE-2019-12406", "CVE-2019-12415", "CVE-2019-12419", "CVE-2019-12814", "CVE-2019-13117", "CVE-2019-13118", "CVE-2019-14379", "CVE-2019-14439", "CVE-2019-14540", "CVE-2019-1547", "CVE-2019-1549", "CVE-2019-1552", "CVE-2019-1559", "CVE-2019-1563", "CVE-2019-15845", "CVE-2019-16168", "CVE-2019-16201", "CVE-2019-16254", "CVE-2019-16255", "CVE-2019-16335", "CVE-2019-16775", "CVE-2019-16776", "CVE-2019-16777", "CVE-2019-16942", "CVE-2019-16943", "CVE-2019-17091", "CVE-2019-17267", "CVE-2019-17359", "CVE-2019-17531", "CVE-2019-2094", "CVE-2019-2725", "CVE-2019-2729", "CVE-2019-2904", "CVE-2019-3862", "CVE-2019-5481", "CVE-2019-5482", "CVE-2019-5718", "CVE-2019-8457", "CVE-2019-9208", "CVE-2019-9579", "CVE-2019-9636", "CVE-2019-9936", "CVE-2019-9937", "CVE-2020-2510", "CVE-2020-2511", "CVE-2020-2512", "CVE-2020-2515", "CVE-2020-2516", "CVE-2020-2517", "CVE-2020-2518", "CVE-2020-2519", "CVE-2020-2527", "CVE-2020-2530", "CVE-2020-2531", "CVE-2020-2533", "CVE-2020-2534", "CVE-2020-2535", "CVE-2020-2536", "CVE-2020-2537", "CVE-2020-2538", "CVE-2020-2539", "CVE-2020-2540", "CVE-2020-2541", "CVE-2020-2542", "CVE-2020-2543", "CVE-2020-2544", "CVE-2020-2545", "CVE-2020-2546", "CVE-2020-2547", "CVE-2020-2548", "CVE-2020-2549", "CVE-2020-2550", "CVE-2020-2551", "CVE-2020-2552", "CVE-2020-2555", "CVE-2020-2556", "CVE-2020-2557", "CVE-2020-2558", "CVE-2020-2559", "CVE-2020-2560", "CVE-2020-2561", "CVE-2020-2563", "CVE-2020-2564", "CVE-2020-2565", "CVE-2020-2566", "CVE-2020-2567", "CVE-2020-2568", "CVE-2020-2569", "CVE-2020-2570", "CVE-2020-2571", "CVE-2020-2572", "CVE-2020-2573", "CVE-2020-2574", "CVE-2020-2576", "CVE-2020-2577", "CVE-2020-2578", "CVE-2020-2579", "CVE-2020-2580", "CVE-2020-2581", "CVE-2020-2582", "CVE-2020-2583", "CVE-2020-2584", "CVE-2020-2585", "CVE-2020-2586", "CVE-2020-2587", "CVE-2020-2588", "CVE-2020-2589", "CVE-2020-2590", "CVE-2020-2591", "CVE-2020-2592", "CVE-2020-2593", "CVE-2020-2595", "CVE-2020-2596", "CVE-2020-2597", "CVE-2020-2598", "CVE-2020-2599", "CVE-2020-2600", "CVE-2020-2601", "CVE-2020-2602", "CVE-2020-2603", "CVE-2020-2604", "CVE-2020-2605", "CVE-2020-2606", "CVE-2020-2607", "CVE-2020-2608", "CVE-2020-2609", "CVE-2020-2610", "CVE-2020-2611", "CVE-2020-2612", "CVE-2020-2613", "CVE-2020-2614", "CVE-2020-2615", "CVE-2020-2616", "CVE-2020-2617", "CVE-2020-2618", "CVE-2020-2619", "CVE-2020-2620", "CVE-2020-2621", "CVE-2020-2622", "CVE-2020-2623", "CVE-2020-2624", "CVE-2020-2625", "CVE-2020-2626", "CVE-2020-2627", "CVE-2020-2628", "CVE-2020-2629", "CVE-2020-2630", "CVE-2020-2631", "CVE-2020-2632", "CVE-2020-2633", "CVE-2020-2634", "CVE-2020-2635", "CVE-2020-2636", "CVE-2020-2637", "CVE-2020-2638", "CVE-2020-2639", "CVE-2020-2640", "CVE-2020-2641", "CVE-2020-2642", "CVE-2020-2643", "CVE-2020-2644", "CVE-2020-2645", "CVE-2020-2646", "CVE-2020-2647", "CVE-2020-2648", "CVE-2020-2649", "CVE-2020-2650", "CVE-2020-2651", "CVE-2020-2652", "CVE-2020-2653", "CVE-2020-2654", "CVE-2020-2655", "CVE-2020-2656", "CVE-2020-2657", "CVE-2020-2658", "CVE-2020-2659", "CVE-2020-2660", "CVE-2020-2661", "CVE-2020-2662", "CVE-2020-2663", "CVE-2020-2664", "CVE-2020-2665", "CVE-2020-2666", "CVE-2020-2667", "CVE-2020-2668", "CVE-2020-2669", "CVE-2020-2670", "CVE-2020-2671", "CVE-2020-2672", "CVE-2020-2673", "CVE-2020-2674", "CVE-2020-2675", "CVE-2020-2676", "CVE-2020-2677", "CVE-2020-2678", "CVE-2020-2679", "CVE-2020-2680", "CVE-2020-2681", "CVE-2020-2682", "CVE-2020-2683", "CVE-2020-2684", "CVE-2020-2685", "CVE-2020-2686", "CVE-2020-2687", "CVE-2020-2688", "CVE-2020-2689", "CVE-2020-2690", "CVE-2020-2691", "CVE-2020-2692", "CVE-2020-2693", "CVE-2020-2694", "CVE-2020-2695", "CVE-2020-2696", "CVE-2020-2697", "CVE-2020-2698", "CVE-2020-2699", "CVE-2020-2700", "CVE-2020-2701", "CVE-2020-2702", "CVE-2020-2703", "CVE-2020-2704", "CVE-2020-2705", "CVE-2020-2707", "CVE-2020-2709", "CVE-2020-2710", "CVE-2020-2711", "CVE-2020-2712", "CVE-2020-2713", "CVE-2020-2714", "CVE-2020-2715", "CVE-2020-2716", "CVE-2020-2717", "CVE-2020-2718", "CVE-2020-2719", "CVE-2020-2720", "CVE-2020-2721", "CVE-2020-2722", "CVE-2020-2723", "CVE-2020-2724", "CVE-2020-2725", "CVE-2020-2726", "CVE-2020-2727", "CVE-2020-2728", "CVE-2020-2729", "CVE-2020-2730", "CVE-2020-2731", "CVE-2020-6950"], "modified": "2020-04-20T00:00:00", "id": "ORACLE:CPUJAN2020", "href": "https://www.oracle.com/security-alerts/cpujan2020.html", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-10-24T19:58:58", "description": "A Critical Patch Update is a collection of patches for multiple security vulnerabilities. These patches are usually cumulative, but each advisory describes only the security patches added since the previous Critical Patch Update advisory. Thus, prior Critical Patch Update advisories should be reviewed for information regarding earlier published security patches. Please refer to:\n\n * [Critical Patch Updates, Security Alerts and Bulletins](<https://www.oracle.com/security-alerts>) for information about Oracle Security Advisories.\n\n**Oracle continues to periodically receive reports of attempts to maliciously exploit vulnerabilities for which Oracle has already released security patches. In some instances, it has been reported that attackers have been successful because targeted customers had failed to apply available Oracle patches. Oracle therefore strongly recommends that customers remain on actively-supported versions and apply Critical Patch Update security patches without delay.**\n\nThis Critical Patch Update contains 399 new security patches across the product families listed below. Please note that an MOS note summarizing the content of this Critical Patch Update and other Oracle Software Security Assurance activities is located at [ April 2020 Critical Patch Update: Executive Summary and Analysis](<https://support.oracle.com/rs?type=doc&id=2652714.1>).\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 10.0, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 6.0}, "published": "2020-04-14T00:00:00", "type": "oracle", "title": "Oracle Critical Patch Update Advisory - April 2020", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-0254", "CVE-2015-1832", "CVE-2015-3253", "CVE-2015-7940", "CVE-2015-9251", "CVE-2016-0701", "CVE-2016-1000031", "CVE-2016-10244", "CVE-2016-10251", "CVE-2016-10328", "CVE-2016-2183", "CVE-2016-2381", "CVE-2016-3092", "CVE-2016-4000", "CVE-2016-4463", "CVE-2016-6306", "CVE-2016-6489", "CVE-2016-7103", "CVE-2016-8610", "CVE-2017-12626", "CVE-2017-13745", "CVE-2017-14232", "CVE-2017-14735", "CVE-2017-15706", "CVE-2017-3160", "CVE-2017-5130", "CVE-2017-5529", "CVE-2017-5533", "CVE-2017-5645", "CVE-2017-5754", "CVE-2017-7857", "CVE-2017-7858", "CVE-2017-7864", "CVE-2017-8105", "CVE-2017-8287", "CVE-2018-0732", "CVE-2018-0734", "CVE-2018-0737", "CVE-2018-1000180", "CVE-2018-1000613", "CVE-2018-1000632", "CVE-2018-1000873", "CVE-2018-10237", "CVE-2018-11054", "CVE-2018-11055", "CVE-2018-11056", "CVE-2018-11057", "CVE-2018-11058", "CVE-2018-11307", "CVE-2018-1165", "CVE-2018-11775", "CVE-2018-11784", "CVE-2018-11797", "CVE-2018-12022", "CVE-2018-12023", "CVE-2018-1258", "CVE-2018-1304", "CVE-2018-1305", "CVE-2018-1320", "CVE-2018-1336", "CVE-2018-14718", "CVE-2018-14719", "CVE-2018-14720", "CVE-2018-14721", "CVE-2018-15756", "CVE-2018-15769", "CVE-2018-17197", "CVE-2018-18227", "CVE-2018-18311", "CVE-2018-18873", "CVE-2018-19139", "CVE-2018-19360", "CVE-2018-19361", "CVE-2018-19362", "CVE-2018-19539", "CVE-2018-19540", "CVE-2018-19541", "CVE-2018-19542", "CVE-2018-19543", "CVE-2018-19622", "CVE-2018-19623", "CVE-2018-19624", "CVE-2018-19625", "CVE-2018-19626", "CVE-2018-19627", "CVE-2018-19628", "CVE-2018-20346", "CVE-2018-20506", "CVE-2018-20570", "CVE-2018-20584", "CVE-2018-20622", "CVE-2018-20843", "CVE-2018-20852", "CVE-2018-5407", "CVE-2018-5711", "CVE-2018-5712", "CVE-2018-6942", "CVE-2018-8014", "CVE-2018-8032", "CVE-2018-8034", "CVE-2018-8036", "CVE-2018-8037", "CVE-2018-8039", "CVE-2018-9055", "CVE-2018-9154", "CVE-2018-9252", "CVE-2019-0196", "CVE-2019-0197", "CVE-2019-0199", "CVE-2019-0211", "CVE-2019-0215", "CVE-2019-0217", "CVE-2019-0220", "CVE-2019-0221", "CVE-2019-0222", "CVE-2019-0227", "CVE-2019-0228", "CVE-2019-0232", "CVE-2019-10072", "CVE-2019-10081", "CVE-2019-10082", "CVE-2019-10086", "CVE-2019-10088", "CVE-2019-10092", "CVE-2019-10093", "CVE-2019-10094", "CVE-2019-10097", "CVE-2019-10098", "CVE-2019-1010238", "CVE-2019-10173", "CVE-2019-10246", "CVE-2019-10247", "CVE-2019-11358", "CVE-2019-12086", "CVE-2019-12384", "CVE-2019-12387", "CVE-2019-12402", "CVE-2019-12406", "CVE-2019-12415", "CVE-2019-12418", "CVE-2019-12419", "CVE-2019-12855", "CVE-2019-13057", "CVE-2019-13565", "CVE-2019-13990", "CVE-2019-14379", "CVE-2019-14439", "CVE-2019-14540", "CVE-2019-14821", "CVE-2019-14889", "CVE-2019-15161", "CVE-2019-15162", "CVE-2019-15163", "CVE-2019-15164", "CVE-2019-15165", "CVE-2019-1543", "CVE-2019-1547", "CVE-2019-1549", "CVE-2019-1552", "CVE-2019-15601", "CVE-2019-15604", "CVE-2019-15605", "CVE-2019-15606", "CVE-2019-1563", "CVE-2019-15903", "CVE-2019-16056", "CVE-2019-16168", "CVE-2019-16335", "CVE-2019-16942", "CVE-2019-16943", "CVE-2019-17091", "CVE-2019-17195", "CVE-2019-17359", "CVE-2019-17531", "CVE-2019-17563", "CVE-2019-17571", "CVE-2019-18197", "CVE-2019-19242", "CVE-2019-19244", "CVE-2019-19269", "CVE-2019-19317", "CVE-2019-19553", "CVE-2019-19603", "CVE-2019-19645", "CVE-2019-19646", "CVE-2019-19880", "CVE-2019-19923", "CVE-2019-19924", "CVE-2019-19925", "CVE-2019-19926", "CVE-2019-19959", "CVE-2019-20218", "CVE-2019-20330", "CVE-2019-2412", "CVE-2019-2725", "CVE-2019-2729", "CVE-2019-2756", "CVE-2019-2759", "CVE-2019-2852", "CVE-2019-2853", "CVE-2019-2878", "CVE-2019-2880", "CVE-2019-2899", "CVE-2019-2904", "CVE-2019-3008", "CVE-2019-5427", "CVE-2019-5435", "CVE-2019-5436", "CVE-2019-5443", "CVE-2019-5481", "CVE-2019-5482", "CVE-2019-8457", "CVE-2019-9517", "CVE-2019-9579", "CVE-2020-2514", "CVE-2020-2522", "CVE-2020-2524", "CVE-2020-2553", "CVE-2020-2558", "CVE-2020-2575", "CVE-2020-2578", "CVE-2020-2594", "CVE-2020-2680", "CVE-2020-2706", "CVE-2020-2733", "CVE-2020-2734", "CVE-2020-2735", "CVE-2020-2737", "CVE-2020-2738", "CVE-2020-2739", "CVE-2020-2740", "CVE-2020-2741", "CVE-2020-2742", "CVE-2020-2743", "CVE-2020-2744", "CVE-2020-2745", "CVE-2020-2746", "CVE-2020-2747", "CVE-2020-2748", "CVE-2020-2749", "CVE-2020-2750", "CVE-2020-2751", "CVE-2020-2752", "CVE-2020-2753", "CVE-2020-2754", "CVE-2020-2755", "CVE-2020-2756", "CVE-2020-2757", "CVE-2020-2758", "CVE-2020-2759", "CVE-2020-2760", "CVE-2020-2761", "CVE-2020-2762", "CVE-2020-2763", "CVE-2020-2764", "CVE-2020-2765", "CVE-2020-2766", "CVE-2020-2767", "CVE-2020-2768", "CVE-2020-2769", "CVE-2020-2770", "CVE-2020-2771", "CVE-2020-2772", "CVE-2020-2773", "CVE-2020-2774", "CVE-2020-2775", "CVE-2020-2776", "CVE-2020-2777", "CVE-2020-2778", "CVE-2020-2779", "CVE-2020-2780", "CVE-2020-2781", "CVE-2020-2782", "CVE-2020-2783", "CVE-2020-2784", "CVE-2020-2785", "CVE-2020-2786", "CVE-2020-2787", "CVE-2020-2789", "CVE-2020-2790", "CVE-2020-2791", "CVE-2020-2793", "CVE-2020-2794", "CVE-2020-2795", "CVE-2020-2796", "CVE-2020-2797", "CVE-2020-2798", "CVE-2020-2799", "CVE-2020-2800", "CVE-2020-2801", "CVE-2020-2802", "CVE-2020-2803", "CVE-2020-2804", "CVE-2020-2805", "CVE-2020-2806", "CVE-2020-2807", "CVE-2020-2808", "CVE-2020-2809", "CVE-2020-2810", "CVE-2020-2811", "CVE-2020-2812", "CVE-2020-2813", "CVE-2020-2814", "CVE-2020-2815", "CVE-2020-2816", "CVE-2020-2817", "CVE-2020-2818", "CVE-2020-2819", "CVE-2020-2820", "CVE-2020-2821", "CVE-2020-2822", "CVE-2020-2823", "CVE-2020-2824", "CVE-2020-2825", "CVE-2020-2826", "CVE-2020-2827", "CVE-2020-2828", "CVE-2020-2829", "CVE-2020-2830", "CVE-2020-2831", "CVE-2020-2832", "CVE-2020-2833", "CVE-2020-2834", "CVE-2020-2835", "CVE-2020-2836", "CVE-2020-2837", "CVE-2020-2838", "CVE-2020-2839", "CVE-2020-2840", "CVE-2020-2841", "CVE-2020-2842", "CVE-2020-2843", "CVE-2020-2844", "CVE-2020-2845", "CVE-2020-2846", "CVE-2020-2847", "CVE-2020-2848", "CVE-2020-2849", "CVE-2020-2850", "CVE-2020-2851", "CVE-2020-2852", "CVE-2020-2853", "CVE-2020-2854", "CVE-2020-2855", "CVE-2020-2856", "CVE-2020-2857", "CVE-2020-2858", "CVE-2020-2859", "CVE-2020-2860", "CVE-2020-2861", "CVE-2020-2862", "CVE-2020-2863", "CVE-2020-2864", "CVE-2020-2865", "CVE-2020-2866", "CVE-2020-2867", "CVE-2020-2868", "CVE-2020-2869", "CVE-2020-2870", "CVE-2020-2871", "CVE-2020-2872", "CVE-2020-2873", "CVE-2020-2874", "CVE-2020-2875", "CVE-2020-2876", "CVE-2020-2877", "CVE-2020-2878", "CVE-2020-2879", "CVE-2020-2880", "CVE-2020-2881", "CVE-2020-2882", "CVE-2020-2883", "CVE-2020-2884", "CVE-2020-2885", "CVE-2020-2886", "CVE-2020-2887", "CVE-2020-2888", "CVE-2020-2889", "CVE-2020-2890", "CVE-2020-2891", "CVE-2020-2892", "CVE-2020-2893", "CVE-2020-2894", "CVE-2020-2895", "CVE-2020-2896", "CVE-2020-2897", "CVE-2020-2898", "CVE-2020-2899", "CVE-2020-2900", "CVE-2020-2901", "CVE-2020-2902", "CVE-2020-2903", "CVE-2020-2904", "CVE-2020-2905", "CVE-2020-2906", "CVE-2020-2907", "CVE-2020-2908", "CVE-2020-2909", "CVE-2020-2910", "CVE-2020-2911", "CVE-2020-2912", "CVE-2020-2913", "CVE-2020-2914", "CVE-2020-2915", "CVE-2020-2920", "CVE-2020-2921", "CVE-2020-2922", "CVE-2020-2923", "CVE-2020-2924", "CVE-2020-2925", "CVE-2020-2926", "CVE-2020-2927", "CVE-2020-2928", "CVE-2020-2929", "CVE-2020-2930", "CVE-2020-2931", "CVE-2020-2932", "CVE-2020-2933", "CVE-2020-2934", "CVE-2020-2935", "CVE-2020-2936", "CVE-2020-2937", "CVE-2020-2938", "CVE-2020-2939", "CVE-2020-2940", "CVE-2020-2941", "CVE-2020-2942", "CVE-2020-2943", "CVE-2020-2944", "CVE-2020-2945", "CVE-2020-2946", "CVE-2020-2947", "CVE-2020-2949", "CVE-2020-2950", "CVE-2020-2951", "CVE-2020-2952", "CVE-2020-2953", "CVE-2020-2954", "CVE-2020-2955", "CVE-2020-2956", "CVE-2020-2958", "CVE-2020-2959", "CVE-2020-2961", "CVE-2020-2963", "CVE-2020-2964", "CVE-2020-5397", "CVE-2020-5398", "CVE-2020-7044", "CVE-2020-8840"], "modified": "2020-07-20T00:00:00", "id": "ORACLE:CPUAPR2020", "href": "https://www.oracle.com/security-alerts/cpuapr2020.html", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}]}
CVE-2019-9579
