Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2021-2022 and is owned by Tenable, Inc. or an Affiliate thereof.MYSQL_ENTERPRISE_MONITOR_8_0_27.NASL
HistoryOct 20, 2021 - 12:00 a.m.

Oracle MySQL Enterprise Monitor (Oct 2021 CPU)

2021-10-2000:00:00
This script is Copyright (C) 2021-2022 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
25
JSON

The 8.0.25 versions of MySQL Enterprise Monitor installed on the remote host are affected by multiple vulnerabilities as referenced in the October 2021 CPU advisory.

  • Vulnerability in the MySQL Enterprise Monitor product of Oracle MySQL (component: Monitoring: General (Spring Security)). Supported versions that are affected are 8.0.25 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via HTTPS to compromise MySQL Enterprise Monitor. Successful attacks of this vulnerability can result in takeover of MySQL Enterprise Monitor. (CVE-2021-22112)

  • Vulnerability in the Oracle Retail Predictive Application Server product of Oracle Retail Applications (component: RPAS Fusion Client (Spring Framework)). Supported versions that are affected are 14.1.3, 15.0.3 and 16.0.3. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Retail Predictive Application Server executes to compromise Oracle Retail Predictive Application Server. Successful attacks of this vulnerability can result in takeover of Oracle Retail Predictive Application Server. (CVE-2021-22118)

  • Vulnerability in the MySQL Workbench product of Oracle MySQL (component: MySQL Workbench (OpenSSL)).
    Supported versions that are affected are 8.0.26 and prior. Difficult to exploit vulnerability allows unauthenticated attacker with network access via MySQL Workbench to compromise MySQL Workbench. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all MySQL Workbench accessible data and unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Workbench. (CVE-2021-3712)

Note that Nessus has not tested for this issue but has instead relied only on the application’s self-reported version number.

#%NASL_MIN_LEVEL 70300
##
# (C) Tenable Network Security, Inc.
##

include('deprecated_nasl_level.inc');
include('compat.inc');

if (description)
{
  script_id(154267);
  script_version("1.4");
  script_set_attribute(attribute:"plugin_modification_date", value:"2022/12/05");

  script_cve_id(
    "CVE-2021-3712",
    "CVE-2021-22112",
    "CVE-2021-22118",
    "CVE-2021-29425",
    "CVE-2021-33037"
  );
  script_xref(name:"CEA-ID", value:"CEA-2021-0025");

  script_name(english:"Oracle MySQL Enterprise Monitor (Oct 2021 CPU)");

  script_set_attribute(attribute:"synopsis", value:
"The remote host is affected by multiple vulnerabilities");
  script_set_attribute(attribute:"description", value:
"The 8.0.25 versions of MySQL Enterprise Monitor installed on the remote host are affected by multiple vulnerabilities as
referenced in the October 2021 CPU advisory.

  - Vulnerability in the MySQL Enterprise Monitor product of Oracle MySQL (component: Monitoring: General
    (Spring Security)). Supported versions that are affected are 8.0.25 and prior. Easily exploitable
    vulnerability allows low privileged attacker with network access via HTTPS to compromise MySQL Enterprise
    Monitor. Successful attacks of this vulnerability can result in takeover of MySQL Enterprise Monitor. (CVE-2021-22112)

  - Vulnerability in the Oracle Retail Predictive Application Server product of Oracle Retail Applications
    (component: RPAS Fusion Client (Spring Framework)). Supported versions that are affected are 14.1.3,
    15.0.3 and 16.0.3. Easily exploitable vulnerability allows low privileged attacker with logon to the
    infrastructure where Oracle Retail Predictive Application Server executes to compromise Oracle Retail
    Predictive Application Server. Successful attacks of this vulnerability can result in takeover of Oracle
    Retail Predictive Application Server. (CVE-2021-22118)

  - Vulnerability in the MySQL Workbench product of Oracle MySQL (component: MySQL Workbench (OpenSSL)).
    Supported versions that are affected are 8.0.26 and prior. Difficult to exploit vulnerability allows
    unauthenticated attacker with network access via MySQL Workbench to compromise MySQL Workbench. Successful
    attacks of this vulnerability can result in unauthorized access to critical data or complete access to all
    MySQL Workbench accessible data and unauthorized ability to cause a hang or frequently repeatable crash
    (complete DOS) of MySQL Workbench. (CVE-2021-3712)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version
number.");
  script_set_attribute(attribute:"see_also", value:"https://www.oracle.com/a/tech/docs/cpuoct2021cvrf.xml");
  script_set_attribute(attribute:"see_also", value:"https://www.oracle.com/security-alerts/cpuoct2021.html");
  script_set_attribute(attribute:"solution", value:
"Apply the appropriate patch according to the October 2021 Oracle Critical Patch Update advisory.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:S/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:H/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:H/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2021-22112");

  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");
  script_set_attribute(attribute:"exploited_by_malware", value:"true");

  script_set_attribute(attribute:"vuln_publication_date", value:"2021/10/19");
  script_set_attribute(attribute:"patch_publication_date", value:"2021/10/19");
  script_set_attribute(attribute:"plugin_publication_date", value:"2021/10/20");

  script_set_attribute(attribute:"plugin_type", value:"combined");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:oracle:mysql_enterprise_monitor");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"CGI abuses");

  script_copyright(english:"This script is Copyright (C) 2021-2022 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("mysql_enterprise_monitor_web_detect.nasl", "oracle_mysql_enterprise_monitor_local_nix_detect.nbin", "oracle_mysql_enterprise_monitor_local_detect.nbin");
  script_require_keys("installed_sw/MySQL Enterprise Monitor");

  exit(0);
}

include('vcf.inc');

var app_info = vcf::combined_get_app_info(app:'MySQL Enterprise Monitor');

var constraints = [
  { 'max_version':'8.0.25.99999','fixed_version' : '8.0.27' }
];

vcf::check_version_and_report(app_info:app_info, constraints:constraints, severity:SECURITY_HOLE);
VendorProductVersionCPE
oraclemysql_enterprise_monitorcpe:/a:oracle:mysql_enterprise_monitor

Related

prion 5
osv 11
ibm 43
github 5
redhatcve 5
ubuntucve 4
cve 5
nessus 53
freebsd 2
veracode 5
debiancve 3
f5 2
openvas 22
photon 4
kaspersky 1
tomcat 3
amazon 4
atlassian 2
seebug 1
attackerkb 1
ubuntu 1
suse 4
broadcom 1
qualysblog 1
debian 1
oraclelinux 3
rustsec 1
githubexploit 1
aix 1
openssl 1
redhat 2
cbl_mariner 1
prion
prion
Privilege escalation
2021-05-27 15:15:00
Authentication flaw
2021-02-23 19:15:00
Cross site request forgery (csrf)
2021-07-12 15:15:00
osv
osv
Improper Privilege Management in Spring Framework
2022-05-24 19:03:28
CVE-2021-22118
2021-05-27 15:15:07
CVE-2021-22112
2021-02-23 19:15:13
ibm
ibm
Security Bulletin: A vulnerability in Spring Framework affects IBM Watson Machine Learning Accelerator
2021-10-18 06:30:54
Security Bulletin: A Privilege Escalation vulnerability in Pivotal Spring Framework affects IBM LKS Administration & Reporting Tool and its Agent
2021-09-03 05:41:57
Security Bulletin: CVE-2021-33037 Apache Tomcat 8.5.66 did not correctly parse the HTTP transfer-encoding request header leading to the possibility to request smuggling when used with a reverse proxy
2021-09-01 19:52:20
github
github
Improper Privilege Management in Spring Framework
2022-05-24 19:03:28
Privilege escalation in spring security
2021-05-10 15:22:39
Path Traversal and Improper Input Validation in Apache Commons IO
2021-04-26 16:04:00
redhatcve
redhatcve
CVE-2021-22118
2021-06-22 17:07:13
CVE-2021-22112
2021-02-22 21:18:40
CVE-2021-33037
2021-07-12 18:56:38
ubuntucve
ubuntucve
CVE-2021-22118
2021-05-27 00:00:00
CVE-2021-33037
2021-07-12 00:00:00
CVE-2021-29425
2021-04-13 00:00:00
cve
cve
CVE-2021-22118
2021-05-27 15:15:00
CVE-2021-33037
2021-07-12 15:15:00
CVE-2021-22112
2021-02-23 19:15:00
nessus
nessus
Photon OS 2.0: Apache PHSA-2021-2.0-0375
2021-08-10 00:00:00
Amazon Linux AMI : tomcat8 (ALAS-2021-1535)
2021-09-09 00:00:00
FreeBSD : jenkins -- Privilege escalation vulnerability in bundled Spring Security library (a45d945a-cc2c-4cd7-a941-fb58fdb1b01e)
2021-02-22 00:00:00
freebsd
freebsd
tomcat -- HTTP request smuggling in multiple versions
2021-05-07 00:00:00
jenkins -- Privilege escalation vulnerability in bundled Spring Security library
2021-02-19 00:00:00
veracode
veracode
Privilege Escalation
2021-05-28 02:27:03
Privilege Escalation
2021-04-06 03:21:24
Request Smuggling
2021-07-30 03:29:00
debiancve
debiancve
CVE-2021-22118
2021-05-27 15:15:00
CVE-2021-33037
2021-07-12 15:15:00
CVE-2021-29425
2021-04-13 07:15:00
f5
f5
K32469285 : Apache Tomcat vulnerability CVE-2021-33037
2021-08-06 00:00:00
K19559038 : OpenSSL vulnerability CVE-2021-3712
2021-10-01 00:00:00
openvas
openvas
Apache Tomcat HTTP Request Smuggling Vulnerability (Jul 2021) - Windows
2021-07-13 00:00:00
Apache Tomcat HTTP Request Smuggling Vulnerability (Jul 2021) - Linux
2021-07-13 00:00:00
SUSE: Security Advisory (SUSE-SU-2021:1282-1)
2021-06-09 00:00:00
photon
photon
Home Download Photon OS User Documentation FAQ Security Advisories Related Information Lightwave - PHSA-2021-1.0-0420
2021-07-30 00:00:00
Home Download Photon OS User Documentation FAQ Security Advisories Related Information Lightwave - PHSA-2021-2.0-0375
2021-07-30 00:00:00
Moderate Photon OS Security Update - PHSA-2021-0277
2021-07-30 00:00:00
kaspersky
kaspersky
KLA12218 SB vulnerability in Apache Tomcat
2021-06-15 00:00:00
tomcat
tomcat
Fixed in Apache Tomcat 10.0.7
2021-06-15 00:00:00
Fixed in Apache Tomcat 9.0.48
2021-06-15 00:00:00
Fixed in Apache Tomcat 8.5.68
2021-06-15 00:00:00
amazon
amazon
Medium: tomcat8
2021-09-02 22:54:00
Medium: apache-commons-io
2023-05-25 17:41:00
Medium: openssl
2021-10-01 18:00:00
atlassian
atlassian
Tomcat versions bundled with the Crowd product are vulnerable to CVE-2021-33037
2022-03-10 04:57:07
Request smuggling via a vulnerable version of Apache Tomcat - CVE-2021-33037
2022-01-06 02:02:04
seebug
seebug
Apache Tomcat HTTP请求走私(CVE-2021-33037)
2021-07-27 00:00:00
attackerkb
attackerkb
CVE-2021-29425
2021-04-13 00:00:00
ubuntu
ubuntu
Apache Commons IO vulnerability
2021-09-29 00:00:00
suse
suse
Security update for apache-commons-io (moderate)
2021-04-23 00:00:00
Security update for openssl-1_0_0 (important)
2021-08-24 00:00:00
Security update for openssl-1_1 (low)
2021-09-07 00:00:00
broadcom
broadcom
Apache Commons IO Vulnerability (CVE-2021-29425)
2023-12-18 00:00:00
qualysblog
qualysblog
Apache Tomcat HTTP Request Smuggling Vulnerability (CVE-2021-33037)
2021-10-27 12:07:58
debian
debian
[SECURITY] [DLA 2741-1] commons-io security update
2021-08-12 20:18:44
oraclelinux
oraclelinux
openssl security update
2021-12-22 00:00:00
openssl security update
2021-12-23 00:00:00
openssl security update
2022-01-12 00:00:00
rustsec
rustsec
Read buffer overruns processing ASN.1 strings
2021-08-24 12:00:00
githubexploit
githubexploit
Exploit for Out-of-bounds Read in Openssl
2023-09-11 07:43:19
aix
aix
There is a vulnerability in OpenSSL used by AIX.
2022-01-06 09:14:51
openssl
openssl
Vulnerability in OpenSSL CVE-2021-3712
2021-08-24 00:00:00
redhat
redhat
(RHSA-2021:5226) Moderate: openssl security update
2021-12-21 09:07:24
(RHSA-2021:4863) Important: Red Hat JBoss Web Server 5.6.0 Security release
2021-11-30 14:21:16
cbl_mariner
cbl_mariner
CVE-2021-3712 affecting package openssl 1.1.1k-30
2022-04-09 06:51:56
JSON
Related for MYSQL_ENTERPRISE_MONITOR_8_0_27.NASL
prion5osv11ibm43github5redhatcve5ubuntucve4cve5nessus53freebsd2veracode5debiancve3f52openvas22photon4kaspersky1tomcat3amazon4atlassian2seebug1attackerkb1ubuntu1suse4broadcom1qualysblog1debian1oraclelinux3rustsec1githubexploit1aix1openssl1redhat2cbl_mariner1