Lucene search
K

Oracle Access Manager (Jul 2024 CPU)

🗓️ 22 Jul 2024 00:00:00Reported by TenableType 
nessus
 nessus
🔗 www.tenable.com👁 22 Views

The 12.2.1.4.0 version of Oracle Access Manager is vulnerable to unauthorized access and data compromise (CVE-2020-13956)

Related
Refs
Code
ReporterTitlePublishedViews
Family
IBM Security Bulletins
Security Bulletin: Multiple Vulnerabilities of Apache HttpClient have affected IBM Jazz Reporting Service
4 Oct 202310:31
ibm
IBM Security Bulletins
Security Bulletin: Vulnerabilities in Apache HttpClient and Eclipse Jetty Affect IBM Control Center (CVE-2020-13956, CVE-2020-27218)
14 May 202121:15
ibm
IBM Security Bulletins
Security Bulletin: A security vulnerability has been identified in Apache HttpClient shipped with IBM Tivoli Netcool Impact (CVE-2020-13956)
6 Oct 202204:37
ibm
IBM Security Bulletins
Security Bulletin: Vulnerabilities in Apache and Node.js affect IBM Spectrum Protect Plus
24 Apr 202106:55
ibm
IBM Security Bulletins
Security Bulletin: Security fixes available for The IBM® Engineering System Design Rhapsody products on IBM Jazz Technology
7 Jun 202406:01
ibm
IBM Security Bulletins
Security Bulletin: Multiple Security vulnerabilities affecting IBM Knowledge Catalog Premium Cartridge
11 Mar 202619:05
ibm
IBM Security Bulletins
Security Bulletin: IBM Sterling Global Mailbox is vulnerable to security bypass due to Apache HttpClient (CVE-2020-13956)
21 Jul 202312:27
ibm
IBM Security Bulletins
Security Bulletin: Vulnerabilities in Apache HttpComponents affect IBM Storage Protect Client, IBM Storage Protect for Virtual Environments, and IBM Storage Protect for Space Management (CVE-2012-6153, CVE-2014-3577, CVE-2020-13956)
4 Oct 202312:58
ibm
IBM Security Bulletins
Security Bulletin: Multiple vulnerabilities in Open Source software used by Cloud Pak System
31 Mar 202314:10
ibm
IBM Security Bulletins
Security Bulletin: IBM Tivoli Netcool Impact is affected by an Apache HttpClient vulnerability (CVE-2020-13956)
23 Mar 202116:18
ibm
Rows per page
#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
##

include('compat.inc');

if (description)
{
  script_id(202906);
  script_version("1.2");
  script_set_attribute(attribute:"plugin_modification_date", value:"2024/07/23");

  script_cve_id("CVE-2020-13956");
  script_xref(name:"CEA-ID", value:"CEA-2021-0025");

  script_name(english:"Oracle Access Manager (Jul 2024 CPU)");

  script_set_attribute(attribute:"synopsis", value:
"The remote host is affected by a vulnerability");
  script_set_attribute(attribute:"description", value:
"The 12.2.1.4.0 versions of Access Manager installed on the remote host are affected by a vulnerability as referenced in
the July 2024 CPU advisory.

  - Vulnerability in the Oracle Access Manager product of Oracle Fusion Middleware (component: Third Party
    (Apache HttpClient)). The supported version that is affected is 12.2.1.4.0. Easily exploitable
    vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Access
    Manager. Successful attacks of this vulnerability can result in unauthorized update, insert or delete
    access to some of Oracle Access Manager accessible data. (CVE-2020-13956)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version
number.");
  script_set_attribute(attribute:"see_also", value:"https://www.oracle.com/docs/tech/security-alerts/cpujul2024csaf.json");
  script_set_attribute(attribute:"see_also", value:"https://www.oracle.com/security-alerts/cpujul2024.html");
  script_set_attribute(attribute:"solution", value:
"Apply the appropriate patch according to the July 2024 Oracle Critical Patch Update advisory.");
  script_set_attribute(attribute:"agent", value:"all");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2020-13956");

  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");

  script_set_attribute(attribute:"vuln_publication_date", value:"2024/07/16");
  script_set_attribute(attribute:"patch_publication_date", value:"2024/07/16");
  script_set_attribute(attribute:"plugin_publication_date", value:"2024/07/22");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:oracle:access_manager");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:oracle:fusion_middleware");
  script_set_attribute(attribute:"thorough_tests", value:"true");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Misc.");

  script_copyright(english:"This script is Copyright (C) 2024 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("oracle_access_manager_installed.nbin");
  script_require_keys("installed_sw/Oracle Access Manager");

  exit(0);
}

include('vcf.inc');

var app_info = vcf::get_app_info(app:'Oracle Access Manager');

#TODO: Update constraints accordingly based on Oracle CPU data
var constraints = [
  { 'min_version' : '12.2.1.4.0', 'fixed_version' : '12.2.1.4.240701' }
];

vcf::check_version_and_report(app_info:app_info, constraints:constraints, severity:SECURITY_WARNING);

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

23 Jul 2024 00:00Current
6.6Medium risk
Vulners AI Score6.6
CVSS 25
CVSS 3.15.3
EPSS0.08665
22