Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.MYSQL_ENTERPRISE_MONITOR_8_0_32.NASL
HistoryOct 20, 2022 - 12:00 a.m.

Oracle MySQL Enterprise Monitor (Oct 2022 CPU)

2022-10-2000:00:00
This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
6

7.5 High

AI Score

Confidence

High

JSON

The versions of MySQL Enterprise Monitor installed on the remote host are affected by multiple vulnerabilities as referenced in the October 2022 CPU advisory.

  • Vulnerability in the MySQL Enterprise Monitor product of Oracle MySQL (component: Monitoring: General (Moment.js)). Supported versions that are affected are 8.0.31 and prior. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Enterprise Monitor. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Enterprise Monitor. (CVE-2022-31129)

  • Vulnerability in the MySQL Enterprise Monitor product of Oracle MySQL (component: Monitoring: General (Apache Tomcat)). Supported versions that are affected are 8.0.31 and prior. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Enterprise Monitor. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in MySQL Enterprise Monitor, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of MySQL Enterprise Monitor accessible data as well as unauthorized read access to a subset of MySQL Enterprise Monitor accessible data. (CVE-2022-34305)

  • Vulnerability in the MySQL Enterprise Monitor product of Oracle MySQL (component: Monitoring: General (OpenSSL)). Supported versions that are affected are 8.0.31 and prior. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Enterprise Monitor. Successful attacks of this vulnerability can result in unauthorized read access to a subset of MySQL Enterprise Monitor accessible data. (CVE-2022-2097)

Note that Nessus has not tested for these issues but has instead relied only on the application’s self-reported version number.

#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
##

include('compat.inc');

if (description)
{
  script_id(166325);
  script_version("1.9");
  script_set_attribute(attribute:"plugin_modification_date", value:"2023/11/01");

  script_cve_id("CVE-2022-2097", "CVE-2022-31129", "CVE-2022-34305");
  script_xref(name:"IAVA", value:"2022-A-0432-S");

  script_name(english:"Oracle MySQL Enterprise Monitor (Oct 2022 CPU)");

  script_set_attribute(attribute:"synopsis", value:
"The remote host is affected by multiple vulnerabilities");
  script_set_attribute(attribute:"description", value:
"The versions of MySQL Enterprise Monitor installed on the remote host are affected by multiple vulnerabilities as
referenced in the October 2022 CPU advisory. 
  
  - Vulnerability in the MySQL Enterprise Monitor product of Oracle MySQL (component: Monitoring: General
    (Moment.js)). Supported versions that are affected are 8.0.31 and prior. Easily exploitable vulnerability
    allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Enterprise
    Monitor. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or
    frequently repeatable crash (complete DOS) of MySQL Enterprise Monitor. (CVE-2022-31129)

  - Vulnerability in the MySQL Enterprise Monitor product of Oracle MySQL (component: Monitoring: General
    (Apache Tomcat)). Supported versions that are affected are 8.0.31 and prior. Easily exploitable vulnerability
    allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Enterprise
    Monitor. Successful attacks require human interaction from a person other than the attacker and while the
    vulnerability is in MySQL Enterprise Monitor, attacks may significantly impact additional products (scope
    change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete
    access to some of MySQL Enterprise Monitor accessible data as well as unauthorized read access to a
    subset of MySQL Enterprise Monitor accessible data. (CVE-2022-34305)

  - Vulnerability in the MySQL Enterprise Monitor product of Oracle MySQL (component: Monitoring: General
    (OpenSSL)). Supported versions that are affected are 8.0.31 and prior. Easily exploitable vulnerability
    allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Enterprise
    Monitor. Successful attacks of this vulnerability can result in unauthorized read access to a subset of
    MySQL Enterprise Monitor accessible data. (CVE-2022-2097)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version
number.");
  script_set_attribute(attribute:"see_also", value:"https://www.oracle.com/docs/tech/security-alerts/cpuoct2022cvrf.xml");
  script_set_attribute(attribute:"see_also", value:"https://www.oracle.com/security-alerts/cpuoct2022.html");
  script_set_attribute(attribute:"solution", value:
"Apply the appropriate patch according to the October 2022 Oracle Critical Patch Update advisory.");
  script_set_attribute(attribute:"agent", value:"all");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N");
  script_set_cvss_temporal_vector("CVSS2#E:F/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:F/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2022-2097");
  script_set_attribute(attribute:"cvss3_score_source", value:"CVE-2022-34305");

  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");

  script_set_attribute(attribute:"vuln_publication_date", value:"2022/10/18");
  script_set_attribute(attribute:"patch_publication_date", value:"2022/10/18");
  script_set_attribute(attribute:"plugin_publication_date", value:"2022/10/20");

  script_set_attribute(attribute:"plugin_type", value:"combined");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:oracle:mysql_enterprise_monitor");
  script_set_attribute(attribute:"stig_severity", value:"I");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"CGI abuses");

  script_copyright(english:"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("mysql_enterprise_monitor_web_detect.nasl", "oracle_mysql_enterprise_monitor_local_nix_detect.nbin", "oracle_mysql_enterprise_monitor_local_detect.nbin", "macosx_mysql_enterprise_monitor_installed.nbin");
  script_require_keys("installed_sw/MySQL Enterprise Monitor");

  exit(0);
}

include('vcf.inc');

var app_info = vcf::combined_get_app_info(app:'MySQL Enterprise Monitor');

var constraints = [
  { 'min_version' : '8.0', 'fixed_version' : '8.0.32' }
];

vcf::check_version_and_report(app_info:app_info, constraints:constraints, severity:SECURITY_WARNING);
VendorProductVersionCPE
oraclemysql_enterprise_monitorcpe:/a:oracle:mysql_enterprise_monitor

Related

nessus 60
kaspersky 3
tomcat 4
github 3
atlassian 5
ibm 37
redhatcve 3
f5 2
veracode 3
ubuntucve 3
debiancve 3
cve 4
osv 17
cnvd 1
prion 4
freebsd 3
fedora 7
redhat 9
attackerkb 1
hackerone 1
huntr 1
ubuntu 4
broadcom 1
alpinelinux 1
rustsec 1
suse 3
cbl_mariner 2
mageia 2
cloudfoundry 1
amazon 1
openssl 1
qualysblog 1
debian 1
slackware 1
oraclelinux 2
aix 1
rocky 1
almalinux 1
nessus
nessus
FreeBSD : Tomcat -- XSS in examples web application (e2e7faf9-1b51-11ed-ae46-002b67dfc673)
2022-08-16 00:00:00
Apache Tomcat 10.0.0.M1 < 10.0.23 vulnerability
2022-06-23 00:00:00
Dell EMC NetWorker < 19.7.0.2 XSS (DSA-2022-341)
2022-12-08 00:00:00
kaspersky
kaspersky
KLA19262 XSS vulnerability in Apache Tomcat
2022-07-26 00:00:00
KLA19260 XSS vulnerability in Apache Tomcat
2022-08-28 00:00:00
KLA19261 XSS vulnerability in Apache Tomcat
2022-07-20 00:00:00
tomcat
tomcat
Fixed in Apache Tomcat 8.5.82
2022-08-13 00:00:00
Fixed in Apache Tomcat 10.0.23
2022-07-26 00:00:00
Fixed in Apache Tomcat 10.1.0-M17
2022-07-20 00:00:00
github
github
Cross-site Scripting in Apache Tomcat
2022-06-24 00:00:32
Moment.js vulnerable to Inefficient Regular Expression Complexity
2022-07-06 18:38:49
AES OCB fails to encrypt some bytes
2022-07-06 19:57:19
atlassian
atlassian
Confluence Apache Tomcat CVE-2022-34305
2022-07-07 19:05:27
Apache Tomcat CVE-2022-34305
2022-06-28 14:48:07
Upgrade moment library to 2.29.2+ as required for CVE-2022-24785 and CVE-2022-31129
2023-10-11 15:26:01
ibm
ibm
Security Bulletin: IBM Sterling Partner Engagement Manager is vulnerable to cross-site scripting due to Apache Tomcat (CVE-2022-34305)
2023-01-10 10:31:23
Security Bulletin: IBM UrbanCode Build is affected by CVE-2022-34305
2022-12-20 07:05:39
Security Bulletin: IBM UrbanCode Release is affected by CVE-2022-34305
2023-01-20 16:08:01
redhatcve
redhatcve
CVE-2022-34305
2022-06-30 18:05:42
CVE-2022-31129
2022-07-07 20:44:44
CVE-2022-2097
2022-07-07 18:14:40
f5
f5
K00303143 : Apache Tomcat vulnerability CVE-2022-34305
2022-07-11 00:00:00
K23605974 : OpenSSL vulnerability CVE-2022-2097
2022-08-18 00:00:00
veracode
veracode
Cross-site Scripting (XSS)
2022-06-24 04:07:07
Regular Expression Denial Of Service (ReDoS)
2022-07-07 05:14:54
Information Disclosure
2022-07-06 11:25:33
ubuntucve
ubuntucve
CVE-2022-34305
2022-06-23 00:00:00
CVE-2022-31129
2022-07-06 00:00:00
CVE-2022-2097
2022-07-05 00:00:00
debiancve
debiancve
CVE-2022-34305
2022-06-23 11:15:00
CVE-2022-31129
2022-07-06 18:15:00
CVE-2022-2097
2022-07-05 11:15:00
cve
cve
CVE-2022-34305
2022-06-23 11:15:00
CVE-2022-31129
2022-07-06 18:15:00
CVE-2022-2097
2022-07-05 11:15:00
osv
osv
Cross-site Scripting in Apache Tomcat
2022-06-24 00:00:32
BIT-tomcat-2022-34305
2024-03-06 11:09:17
CVE-2022-34305
2022-06-23 11:15:07
cnvd
cnvd
Apache Tomcat Cross-Site Scripting Vulnerability
2022-06-27 00:00:00
prion
prion
Cross site scripting
2022-06-23 11:15:00
Input validation
2022-07-06 18:15:00
Design/Logic Flaw
2022-07-05 11:15:00
freebsd
freebsd
Tomcat -- XSS in examples web application
2022-06-22 00:00:00
OpenSSL -- AES OCB fails to encrypt some bytes
2022-07-05 00:00:00
mantis -- multiple vulnerabilities
2023-01-06 00:00:00
fedora
fedora
[SECURITY] Fedora 37 Update: subscription-manager-cockpit-4-1.fc37
2022-09-12 17:50:33
[SECURITY] Fedora 36 Update: subscription-manager-cockpit-4-1.fc36
2022-09-04 22:47:45
[SECURITY] Fedora 36 Update: openssl-3.0.5-1.fc36
2022-07-09 01:24:48
redhat
redhat
(RHSA-2022:6392) Important: RHV RHEL Host (ovirt-host) [ovirt-4.5.2] security update
2022-09-08 11:19:30
(RHSA-2022:5915) Moderate: Red Hat Kiali for OpenShift Service Mesh 2.2 security update
2022-08-08 08:18:33
(RHSA-2022:5914) Moderate: Red Hat Kiali for OpenShift Service Mesh 2.1 security update
2022-08-08 08:12:25
attackerkb
attackerkb
CVE-2022-31129
2022-07-06 00:00:00
hackerone
hackerone
Nextcloud: [nextcloud/server] Moment.js vulnerable to Inefficient Regular Expression Complexity
2022-09-26 11:16:15
huntr
huntr
Regular Expression Denial of Service (ReDoS)
2022-06-06 11:09:00
ubuntu
ubuntu
OpenSSL vulnerability
2022-07-05 00:00:00
Moment.js vulnerabilities
2022-08-10 00:00:00
PostfixAdmin vulnerabilities
2023-12-12 00:00:00
broadcom
broadcom
AES OCB fails to encrypt some bytes
2023-08-01 00:00:00
alpinelinux
alpinelinux
CVE-2022-2097
2022-07-05 11:15:00
rustsec
rustsec
AES OCB fails to encrypt some bytes
2022-07-05 12:00:00
suse
suse
Security update for openssl-1_1 (important)
2022-09-01 00:00:00
Security update for openssl-1_1 (important)
2022-07-07 00:00:00
Security update for openssl-1_1 (important)
2022-07-06 00:00:00
cbl_mariner
cbl_mariner
CVE-2022-2097 affecting package openssl 1.1.1k-12
2022-07-14 20:59:56
CVE-2022-2097 affecting package openssl 1.1.1k-20
2022-09-13 22:36:40
mageia
mageia
Updated openssl packages fix security vulnerability
2022-07-12 11:32:28
Updated jupyter-notebook packages fix security vulnerabilities
2024-03-16 04:42:48
cloudfoundry
cloudfoundry
USN-5502-1: OpenSSL vulnerability | Cloud Foundry
2022-08-26 00:00:00
amazon
amazon
Medium: openssl11
2023-03-02 22:35:00
openssl
openssl
Vulnerability in OpenSSL CVE-2022-2097
2022-07-05 00:00:00
qualysblog
qualysblog
Detection of Vulnerabilities in JavaScript Libraries
2023-01-16 11:46:18
debian
debian
[SECURITY] [DLA 3295-1] node-moment security update
2023-01-30 21:29:16
slackware
slackware
[slackware-security] openssl
2022-07-05 20:24:36
oraclelinux
oraclelinux
openssl security update
2022-08-05 00:00:00
openssl security update
2022-08-02 00:00:00
aix
aix
AIX is vulnerable to arbitrary command execution due to OpenSSL
2022-08-17 16:39:03
rocky
rocky
openssl security update
2022-08-02 07:00:02
almalinux
almalinux
Moderate: openssl security update
2022-08-03 00:00:00

7.5 High

AI Score

Confidence

High

JSON
Related for MYSQL_ENTERPRISE_MONITOR_8_0_32.NASL
nessus60kaspersky3tomcat4github3atlassian5ibm37redhatcve3f52veracode3ubuntucve3debiancve3cve4osv17cnvd1prion4freebsd3fedora7redhat9attackerkb1hackerone1huntr1ubuntu4broadcom1alpinelinux1rustsec1suse3cbl_mariner2mageia2cloudfoundry1amazon1openssl1qualysblog1debian1slackware1oraclelinux2aix1rocky1almalinux1