5 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:L/Au:N/C:N/I:P/A:N
0.003 Low
EPSS
Percentile
71.3%
The version of Oracle Access Manager installed on the remote host is affected by multiple unspecified vulnerabilities that allow remote attackers to impact integrity and confidentiality.
Note that this plugin does not check for additional configuration required to completely mitigate CVE-2015-0367.
#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
include('deprecated_nasl_level.inc');
include('compat.inc');
if (description)
{
script_id(81004);
script_version("1.10");
script_set_attribute(attribute:"plugin_modification_date", value:"2022/04/11");
script_cve_id("CVE-2015-0367", "CVE-2015-0434");
script_bugtraq_id(72179, 72226);
script_name(english:"Oracle Access Manager Multiple Vulnerabilities (January 2015 CPU)");
script_set_attribute(attribute:"synopsis", value:
"The remote host has a Single Sign On (SSO) application installed that
is affected by multiple vulnerabilities.");
script_set_attribute(attribute:"description", value:
"The version of Oracle Access Manager installed on the remote host is
affected by multiple unspecified vulnerabilities that allow remote
attackers to impact integrity and confidentiality.
Note that this plugin does not check for additional configuration
required to completely mitigate CVE-2015-0367.");
# https://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html
script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?75c6cafb");
script_set_attribute(attribute:"solution", value:
"Apply the appropriate patches according to the January 2015 Oracle
Critical Patch Update advisory.");
script_set_attribute(attribute:"agent", value:"all");
script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N");
script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
script_set_attribute(attribute:"exploit_available", value:"false");
script_set_attribute(attribute:"vuln_publication_date", value:"2015/01/20");
script_set_attribute(attribute:"patch_publication_date", value:"2015/01/20");
script_set_attribute(attribute:"plugin_publication_date", value:"2015/01/27");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"cpe:/a:oracle:fusion_middleware");
script_set_attribute(attribute:"thorough_tests", value:"true");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"Misc.");
script_copyright(english:"This script is Copyright (C) 2015-2022 Tenable Network Security, Inc.");
script_dependencies("oracle_access_manager_installed.nbin");
script_require_keys("Oracle/OAM/Installed");
exit(0);
}
include("audit.inc");
include("global_settings.inc");
include("oracle_rdbms_cpu_func.inc");
include("misc_func.inc");
get_kb_item_or_exit("Oracle/OAM/Installed");
installs = get_kb_list_or_exit("Oracle/OAM/*/Version");
product = "Oracle Access Manager";
path = branch(keys(installs));
version = installs[path];
path = path - "Oracle/OAM/" - "/Version";
if (version =~ "^11\.1\.1\.5(\.|$)")
fixed = "11.1.1.5.8";
else if (version =~ "^11\.1\.1\.7(\.|$)")
fixed = "11.1.1.7.3";
else if (version =~ "^11\.1\.2\.1(\.|$)")
fixed = "11.1.2.1.4";
else if (version =~ "^11\.1\.2\.2(\.|$)")
fixed = "11.1.2.2.3";
else
audit(AUDIT_INST_PATH_NOT_VULN, product, version, path);
if (ver_compare(ver:version, fix:fixed, strict:FALSE) >= 0) audit(AUDIT_INST_PATH_NOT_VULN, product, version, path);
if (report_verbosity > 0)
{
report =
'\n The following vulnerable version of ' + product + ' was found' +
'\n on the remote host : ' +
'\n' +
'\n Path : ' + path +
'\n Installed version : ' + version +
'\n Fixed version : ' + fixed +
'\n';
security_warning(port:0, extra:report);
}
else security_warning(port:0);
Vendor | Product | Version | CPE |
---|---|---|---|
oracle | fusion_middleware | cpe:/a:oracle:fusion_middleware |