Oracle E-Business Suite missing October 2019 Critical Patch Update and affected by multiple vulnerabilitie
Reporter | Title | Published | Views | Family All 59 |
---|---|---|---|---|
Prion | Design/Logic Flaw | 16 Oct 201918:15 | – | prion |
Prion | Design/Logic Flaw | 16 Oct 201918:15 | – | prion |
Prion | Design/Logic Flaw | 16 Oct 201918:15 | – | prion |
Prion | Design/Logic Flaw | 16 Oct 201918:15 | – | prion |
Prion | Design/Logic Flaw | 16 Oct 201918:15 | – | prion |
Prion | Design/Logic Flaw | 16 Oct 201918:15 | – | prion |
Prion | Design/Logic Flaw | 16 Oct 201918:15 | – | prion |
Prion | Design/Logic Flaw | 16 Oct 201918:15 | – | prion |
Prion | Design/Logic Flaw | 16 Oct 201918:15 | – | prion |
Prion | Design/Logic Flaw | 16 Oct 201918:15 | – | prion |
#%NASL_MIN_LEVEL 70300
##
# (C) Tenable Network Security, Inc.
##
include('deprecated_nasl_level.inc');
include('compat.inc');
if (description)
{
script_id(130020);
script_version("1.6");
script_set_attribute(attribute:"plugin_modification_date", value:"2022/04/11");
script_cve_id(
"CVE-2019-2925",
"CVE-2019-2930",
"CVE-2019-2942",
"CVE-2019-2990",
"CVE-2019-2994",
"CVE-2019-2995",
"CVE-2019-3000",
"CVE-2019-3022",
"CVE-2019-3024",
"CVE-2019-3027"
);
script_xref(name:"IAVA", value:"2019-A-0386-S");
script_name(english:"Oracle E-Business Suite Multiple Vulnerabilities (Oct 2019 CPU)");
script_set_attribute(attribute:"synopsis", value:
"A web application installed on the remote host is affected by multiple
vulnerabilities.");
script_set_attribute(attribute:"description", value:
"The version of Oracle E-Business installed on the remote host is
missing the October 2019 Oracle Critical Patch Update (CPU). It is,
as noted in the October 2019 Critical Patch Update advisory, affected
by flaws in the following components :
- Oracle Advanced Outbound Telephony
- Oracle Application Object Library
- Oracle Content Manager
- Oracle Field Service
- Oracle Installed Base
- Oracle iStore
- Oracle Marketing
- Oracle Workflow
Note that Nessus has not tested for these issues but has instead
relied only on the application's self-reported version number.");
# https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html
script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?b370bc74");
script_set_attribute(attribute:"solution", value:
"Apply the appropriate patch according to the October 2019 Oracle Critical Patch Update advisory.");
script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:N");
script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N");
script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2019-3000");
script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
script_set_attribute(attribute:"vuln_publication_date", value:"2019/10/15");
script_set_attribute(attribute:"patch_publication_date", value:"2019/10/15");
script_set_attribute(attribute:"plugin_publication_date", value:"2019/10/18");
script_set_attribute(attribute:"plugin_type", value:"remote");
script_set_attribute(attribute:"cpe", value:"cpe:/a:oracle:e-business_suite");
script_set_attribute(attribute:"stig_severity", value:"I");
script_set_attribute(attribute:"thorough_tests", value:"true");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"Misc.");
script_copyright(english:"This script is Copyright (C) 2019-2022 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("oracle_e-business_query_patch_info.nbin");
script_require_keys("Oracle/E-Business/Version", "Oracle/E-Business/patches/installed");
exit(0);
}
fix_date = '201910';
app_name = 'Oracle E-Business';
version = get_kb_item_or_exit('Oracle/E-Business/Version');
patched_versions = get_kb_item('Oracle/E-Business/patched_versions');
# check if patched
version_regex = "(^|[^0-9])" + version + "\." + fix_date + "([^0-9]|$)";
if (!empty_or_null(patched_versions) && patched_versions =~ version_regex)
audit(AUDIT_INST_VER_NOT_VULN, app_name, version);
# Report fixed version and required patches
fix_version = version;
# 12.1.1 - 12.1.3
if (version =~ "^12\.1\.[1-3]($|[^0-9])")
fix_patches = '30077281';
# 12.2.0 - 12.2.3
else if (version =~ "^12\.2.[0-3]($|[^0-9])")
{
fix_version = '12.2.3';
fix_patches = '30077283';
}
# 12.2.4
else if (version =~ "^12\.2\.4($|[^0-9])")
fix_patches = '30077283';
# 12.2.5-9
else if (version =~ "^12\.2\.[5-9]($|[^0-9])")
fix_patches = make_list('30077283', '29747091');
else
audit(AUDIT_INST_PATH_NOT_VULN, app_name, version);
report =
'\n Installed version : ' + version +
'\n Fixed version : ' + fix_version +
'\n Required Patches : ' + join(sep:', ', fix_patches);
security_report_v4(port:0,extra:report,severity:SECURITY_WARNING);
Transform Your Security Services
Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.
Book a live demo