Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2019-2022 and is owned by Tenable, Inc. or an Affiliate thereof.ORACLE_BI_PUBLISHER_OCT_2018_CPU.NASL
HistoryJan 03, 2019 - 12:00 a.m.

Oracle Business Intelligence Publisher Multiple Vulnerabilities (October 2018 CPU)

2019-01-0300:00:00
This script is Copyright (C) 2019-2022 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
114
JSON

The version of Oracle Business Intelligence Publisher running on the remote host is 11.1.1.7.x prior to 11.1.1.7.181016, 11.1.1.9.x prior to 11.1.1.9.181016, 12.2.1.3.x prior to 12.2.1.3.181016, or 12.2.1.4.x prior to 12.2.1.4.181016. It is, therefore, affected by multiple vulnerabilities as noted in the October 2018 Critical Patch Update advisory:

  • A deserialization vulnerability exists in Apache Log4j 2.x before 2.8.2. An unauthenticated, remote attacker can exploit this, via a specially crafted binary, to execute arbitrary code on the target host (CVE-2017-5645).

  • An information disclosure vulnerability exists in Analytics Server, Oracle BI Publisher.Supported version affected is 12.2.1.3.0 An unauthenticated, remote attacker can exploit this, via HTTP, to disclose potentially sensitive information. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Business Intelligence Enterprise Edition, attacks may significantly impact additional products (CVE-2018-3204).

  • A deserialization vulnerability exists in Apache Batik 1.x before 1.10 due to subclass of AbstractDocument.
    An unauthenticated, remote attacker can exploit this, via deserializing subclass of AbstractDocument, to execute arbitrary code on the target host (CVE-2018-8013).

Note that Nessus has not tested for these issues but has instead relied only on the applicationโ€™s self-reported version number.

#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#

include('deprecated_nasl_level.inc');
include('compat.inc');

if (description)
{
  script_id(120948);
  script_version("1.5");
  script_set_attribute(attribute:"plugin_modification_date", value:"2022/04/11");

  script_cve_id("CVE-2017-5645", "CVE-2018-3204", "CVE-2018-8013");
  script_bugtraq_id(97702, 104252, 105623);

  script_name(english:"Oracle Business Intelligence Publisher Multiple Vulnerabilities (October 2018 CPU)");

  script_set_attribute(attribute:"synopsis", value:
"The remote host is affected by multiple vulnerabilities.");
  script_set_attribute(attribute:"description", value:
"The version of Oracle Business Intelligence Publisher running on the
remote host is 11.1.1.7.x prior to 11.1.1.7.181016, 11.1.1.9.x prior
to 11.1.1.9.181016, 12.2.1.3.x prior to 12.2.1.3.181016, or
12.2.1.4.x prior to 12.2.1.4.181016. It is, therefore, affected by 
multiple vulnerabilities as noted in the October 2018 Critical 
Patch Update advisory:

  - A deserialization vulnerability exists in Apache Log4j
    2.x before 2.8.2. An unauthenticated, remote attacker
    can exploit this, via a specially crafted binary, to
    execute arbitrary code on the target host
    (CVE-2017-5645).

  - An information disclosure vulnerability exists in 
    Analytics Server, Oracle BI Publisher.Supported version
    affected is 12.2.1.3.0 An unauthenticated, remote
    attacker can exploit this, via HTTP, to disclose 
    potentially sensitive information. Successful attacks
    require human interaction from a person other than the
    attacker and while the vulnerability is in Oracle
    Business Intelligence Enterprise Edition, attacks may 
    significantly impact additional products
    (CVE-2018-3204).

  - A deserialization vulnerability exists in Apache Batik 
    1.x before 1.10 due to subclass of `AbstractDocument`.
    An unauthenticated, remote attacker can exploit this, 
    via deserializing subclass of `AbstractDocument`, to
    execute arbitrary code on the target host
    (CVE-2018-8013).

Note that Nessus has not tested for these issues but has instead
relied only on the application's self-reported version number.");
  # https://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?705136d8");
  script_set_attribute(attribute:"solution", value:
"Apply the appropriate patch according to the October 2018 Oracle
Critical Patch Update advisory.");
  script_set_attribute(attribute:"agent", value:"all");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2018-8013");

  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");

  script_set_attribute(attribute:"vuln_publication_date", value:"2018/10/16");
  script_set_attribute(attribute:"patch_publication_date", value:"2018/10/16");
  script_set_attribute(attribute:"plugin_publication_date", value:"2019/01/03");

  script_set_attribute(attribute:"plugin_type", value:"combined");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:oracle:fusion_middleware");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:oracle:business_intelligence_publisher");
  script_set_attribute(attribute:"thorough_tests", value:"true");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Misc.");

  script_copyright(english:"This script is Copyright (C) 2019-2022 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("oracle_bi_publisher_installed.nbin", "oracle_bi_publisher_detect.nasl");
  script_require_keys("installed_sw/Oracle Business Intelligence Publisher");

  exit(0);
}

include('vcf.inc');
include('vcf_extras.inc');
appname = 'Oracle Business Intelligence Publisher';
app_info = vcf::get_app_info(app:appname);

# 11.1.1.7.x - Bundle: 28632415 | Patch: 28500572
# 11.1.1.9.x - Bundle: 28632479 | Patch: 28609078
# 12.2.1.3.x - Bundle: 28291838 | Patch: 28291838
# 12.2.1.4.x - Bundle: 28500593 | Patch: 28500593
constraints = [
  {'min_version': '11.1.1.7', 'fixed_version': '11.1.1.7.181016', 'patch': '28500572', 'bundle': '28632415'},
  {'min_version': '11.1.1.9', 'fixed_version': '11.1.1.9.181016', 'patch': '28609078', 'bundle': '28632479'},
  {'min_version': '12.2.1.3', 'fixed_version': '12.2.1.3.181016', 'patch': '28291838', 'bundle': '28291838'},
  {'min_version': '12.2.1.4', 'fixed_version': '12.2.1.4.181016', 'patch': '28500593', 'bundle': '28500593'}
];

vcf::oracle_bi_publisher::check_version_and_report(app_info: app_info, constraints:constraints, severity:SECURITY_HOLE);
VendorProductVersionCPE
oraclefusion_middlewarecpe:/a:oracle:fusion_middleware
oraclebusiness_intelligence_publishercpe:/a:oracle:business_intelligence_publisher

Related

ibm 15
openvas 13
veracode 3
osv 6
debian 3
redhatcve 3
nessus 45
fedora 8
ubuntu 1
ubuntucve 2
github 2
prion 3
cve 3
debiancve 2
checkpoint_advisories 1
redhat 20
oraclelinux 2
symantec 1
seebug 1
f5 1
myhack58 2
githubexploit 1
centos 1
amazon 2
attackerkb 1
gentoo 1
impervablog 1
oracle 15
ibm
ibm
Security Bulletin: Older version of common Open Source: batik-dom-1.9.1.jar found in the MaximoForgeViewerPlugIn which is shipped with IBM Maximo for Civil Infrastructure
2020-12-08 16:20:56
Security Bulletin: Vulnerability in Apache Batik affects IBM Cรบram Social Program Management (CVE-2018-8013)
2018-12-07 14:30:01
Security Bulletin: A vulnerability in an older version of a Batik plugin that is included in IBM Installation Manager and IBM Packaging Utility
2020-08-17 17:32:53
openvas
openvas
Fedora Update for batik FEDORA-2018-79792e0c64
2018-06-10 00:00:00
Ubuntu Update for batik USN-3661-1
2018-10-26 00:00:00
Debian LTS: Security Advisory for batik (DLA-1385-1)
2018-05-28 00:00:00
veracode
veracode
Information Disclosure
2018-05-24 02:45:41
Remote Code Execution (RCE)
2019-01-15 09:17:41
Remote Code Execution (RCE)
2017-04-18 01:36:45
osv
osv
CVE-2018-8013
2018-05-24 16:29:00
Deserialization of Untrusted Data in Apache Batik
2022-05-13 01:14:24
batik - security update
2018-05-25 00:00:00
debian
debian
[SECURITY] [DLA 1385-1] batik security update
2018-05-25 19:29:50
[SECURITY] [DSA 4215-1] batik security update
2018-06-02 08:13:08
[SECURITY] [DSA 4215-1] batik security update
2018-06-02 08:13:08
redhatcve
redhatcve
CVE-2018-8013
2018-05-23 14:20:02
CVE-2017-5645
2019-10-10 10:12:57
CVE-2019-17571
2020-04-05 23:06:12
nessus
nessus
Fedora 27 : batik (2018-79792e0c64)
2018-06-11 00:00:00
Ubuntu 14.04 LTS : Batik vulnerability (USN-3661-1)
2018-05-30 00:00:00
Debian DLA-1385-1 : batik security update
2018-05-29 00:00:00
fedora
fedora
[SECURITY] Fedora 27 Update: batik-1.10-1.fc27
2018-06-09 19:47:37
[SECURITY] Fedora 28 Update: batik-1.10-1.fc28
2018-06-09 20:44:08
[SECURITY] Fedora 26 Update: log4j-2.7-4.fc26
2017-05-02 15:59:49
ubuntu
ubuntu
Batik vulnerability
2018-05-29 00:00:00
ubuntucve
ubuntucve
CVE-2018-8013
2018-05-23 00:00:00
CVE-2017-5645
2017-04-17 00:00:00
github
github
Deserialization of Untrusted Data in Apache Batik
2022-05-13 01:14:24
Deserialization of Untrusted Data in Log4j
2020-01-06 18:43:38
prion
prion
Deserialization of untrusted data
2018-05-24 16:29:00
Buffer overflow
2018-10-17 01:31:00
Code injection
2017-04-17 21:59:00
cve
cve
CVE-2018-8013
2018-05-24 16:29:00
CVE-2017-5645
2017-04-17 21:59:00
CVE-2018-3204
2018-10-17 01:31:00
debiancve
debiancve
CVE-2018-8013
2018-05-24 16:29:00
CVE-2017-5645
2017-04-17 21:59:00
checkpoint_advisories
checkpoint_advisories
Apache Log4j Remote Code Execution (CVE-2017-5645)
2022-01-02 00:00:00
redhat
redhat
(RHSA-2017:1417) Important: rh-java-common-log4j security update
2017-06-08 07:23:59
(RHSA-2017:3399) Important: Red Hat JBoss Enterprise Application Platform 5.2 security update
2017-12-07 17:04:23
(RHSA-2017:3400) Important: Red Hat JBoss Enterprise Application Platform 5.2 security update
2017-12-07 17:04:46
oraclelinux
oraclelinux
log4j security update
2017-08-09 00:00:00
log4j security update
2022-05-23 00:00:00
symantec
symantec
Apache Log4j CVE-2017-5645 Remote Code Execution Vulnerability
2017-04-17 00:00:00
seebug
seebug
Apache Log4j socket receiver deserialization vulnerability (CVE-2017-5645)
2017-04-18 00:00:00
f5
f5
K23173103 : log4j vulnerability CVE-2017-5645
2018-01-31 00:00:00
myhack58
myhack58
Apache logging component Log4j deserialization vulnerability affects all 2. x version-bug warning-the black bar safety net
2017-04-18 00:00:00
Apache logging component Log4j deserialization vulnerability affects all 2. x version-bug warning-the black bar safety net
2017-04-19 00:00:00
githubexploit
githubexploit
Exploit for Deserialization of Untrusted Data in Apache Log4J
2019-12-25 16:46:11
centos
centos
log4j security update
2017-08-31 18:57:53
amazon
amazon
Important: log4j
2022-01-18 20:15:00
Medium: log4j
2022-01-18 21:37:00
attackerkb
attackerkb
CVE-2019-17571
2019-12-20 00:00:00
gentoo
gentoo
Apache Batik: Multiple Vulnerabilities
2024-01-07 00:00:00
impervablog
impervablog
Deserialization Attacks Surge Motivated by Illegal Crypto-mining
2018-01-24 17:45:08
oracle
oracle
Oracle Critical Patch Update - October 2018
2018-12-18 00:00:00
Oracle Critical Patch Update Advisory - January 2019
2019-01-15 00:00:00
Oracle Critical Patch Update Advisory - April 2019
2019-04-16 00:00:00
JSON
Related for ORACLE_BI_PUBLISHER_OCT_2018_CPU.NASL
ibm15openvas13veracode3osv6debian3redhatcve3nessus45fedora8ubuntu1ubuntucve2github2prion3cve3debiancve2checkpoint_advisories1redhat20oraclelinux2symantec1seebug1f51myhack582githubexploit1centos1amazon2attackerkb1gentoo1impervablog1oracle15