Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2023 and is owned by Tenable, Inc. or an Affiliate thereof.ORACLE_ENTERPRISE_MANAGER_OPS_CENTER_CPU_JAN_2022_UI.NASL
HistoryJan 23, 2023 - 12:00 a.m.

Oracle Enterprise Manager Ops Center UI and Other Patches (January 2022 CPU)

2023-01-2300:00:00
This script is Copyright (C) 2023 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
8
JSON

The 12.4.0.0 versions of Enterprise Manager Ops Center installed on the remote host are affected by multiple vulnerabilities as referenced in the January 2022 CPU advisory.

  • Vulnerability in the Enterprise Manager Ops Center product of Oracle Enterprise Manager (component:
    Networking (JDBC)). The supported version that is affected is 12.4.0.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via Oracle Net to compromise Enterprise Manager Ops Center. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Enterprise Manager Ops Center, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in takeover of Enterprise Manager Ops Center. (CVE-2021-2351)

  • Vulnerability in the Enterprise Manager Ops Center product of Oracle Enterprise Manager (component:
    Networking (Python)). The supported version that is affected is 12.4.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Enterprise Manager Ops Center.
    Successful attacks of this vulnerability can result in takeover of Enterprise Manager Ops Center.
    (CVE-2021-3177)

Note that Nessus has not tested for these issues but has instead relied only on the application’s self-reported version number.

#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
##

include('compat.inc');

if (description)
{
  script_id(170273);
  script_version("1.2");
  script_set_attribute(attribute:"plugin_modification_date", value:"2023/09/07");

  script_cve_id("CVE-2021-2351", "CVE-2021-3177");
  script_xref(name:"IAVA", value:"2021-A-0482");
  script_xref(name:"IAVA", value:"2022-A-0036");
  script_xref(name:"IAVA", value:"2022-A-0165");

  script_name(english:"Oracle Enterprise Manager Ops Center UI and Other Patches (January 2022 CPU)");

  script_set_attribute(attribute:"synopsis", value:
"The remote host is affected by multiple vulnerabilities");
  script_set_attribute(attribute:"description", value:
"The 12.4.0.0 versions of Enterprise Manager Ops Center installed on the remote host are affected by multiple
vulnerabilities as referenced in the January 2022 CPU advisory.

  - Vulnerability in the Enterprise Manager Ops Center product of Oracle Enterprise Manager (component:
    Networking (JDBC)). The supported version that is affected is 12.4.0.0. Difficult to exploit vulnerability
    allows unauthenticated attacker with network access via Oracle Net to compromise Enterprise Manager Ops
    Center. Successful attacks require human interaction from a person other than the attacker and while the
    vulnerability is in Enterprise Manager Ops Center, attacks may significantly impact additional products
    (scope change). Successful attacks of this vulnerability can result in takeover of Enterprise Manager Ops
    Center. (CVE-2021-2351)

  - Vulnerability in the Enterprise Manager Ops Center product of Oracle Enterprise Manager (component:
    Networking (Python)). The supported version that is affected is 12.4.0.0. Easily exploitable vulnerability
    allows unauthenticated attacker with network access via HTTP to compromise Enterprise Manager Ops Center.
    Successful attacks of this vulnerability can result in takeover of Enterprise Manager Ops Center.
    (CVE-2021-3177)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version
number.");
  script_set_attribute(attribute:"see_also", value:"https://www.oracle.com/docs/tech/security-alerts/cpujan2022cvrf.xml");
  script_set_attribute(attribute:"see_also", value:"https://www.oracle.com/security-alerts/cpujan2022.html");
  script_set_attribute(attribute:"solution", value:
"Apply the appropriate patch according to the January 2022 Oracle Critical Patch Update advisory.");
  script_set_attribute(attribute:"agent", value:"unix");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:F/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:F/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2021-3177");

  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");

  script_set_attribute(attribute:"vuln_publication_date", value:"2022/01/18");
  script_set_attribute(attribute:"patch_publication_date", value:"2022/01/18");
  script_set_attribute(attribute:"plugin_publication_date", value:"2023/01/23");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:oracle:enterprise_manager_ops_center");
  script_set_attribute(attribute:"stig_severity", value:"I");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Misc.");

  script_copyright(english:"This script is Copyright (C) 2023 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("oracle_enterprise_manager_ops_center_installed.nbin");
  script_require_keys("installed_sw/Oracle Enterprise Manager Ops Center");

  exit(0);
}

include('vcf_extras_oracle_em_ops_center.inc');

get_kb_item_or_exit('Host/local_checks_enabled');

var constraints = [
  {'min_version': '12.4.0.0', 'max_version': '12.4.0.9999', 'ui_patch': '33701457'}
];

var app_info = vcf::oracle_em_ops_center::get_app_info();

vcf::oracle_em_ops_center::check_version_and_report(app_info:app_info, constraints:constraints, severity:SECURITY_HOLE);
VendorProductVersionCPE
oracleenterprise_manager_ops_centercpe:/a:oracle:enterprise_manager_ops_center

Related

ibm 8
prion 2
cnvd 1
zdt 2
nessus 67
cve 2
osv 13
packetstorm 2
oraclelinux 8
fedora 14
openvas 42
alpinelinux 1
amazon 2
f5 1
ubuntucve 1
photon 4
cbl_mariner 1
hackerone 1
veracode 1
debiancve 1
redhatcve 1
mageia 1
redos 3
archlinux 1
cloudfoundry 3
ubuntu 4
suse 2
gentoo 1
debian 2
redhat 3
rocky 1
almalinux 2
centos 1
ibm
ibm
Security Bulletin: Oracle Database Server Vulnerability Affects IBM Emptoris Supplier Lifecycle Mgmt (CVE-2021-2351)
2021-10-22 06:37:15
Security Bulletin: Oracle Database Server Vulnerability Affects IBM Emptoris Contract Management (CVE-2021-2351)
2021-10-22 06:36:28
Security Bulletin: Oracle Database Server Security Vulnerability Affects IBM Emptoris Sourcing (CVE-2021-2351)
2021-10-22 06:40:05
prion
prion
Design/Logic Flaw
2021-07-21 15:15:00
Buffer overflow
2021-01-19 06:15:00
cnvd
cnvd
Oracle Database Server has an unspecified vulnerability (CNVD-2022-09810)
2021-07-21 00:00:00
zdt
zdt
Oracle Database Weak NNE Integrity Key Derivation Vulnerability
2021-12-13 00:00:00
Oracle Database Protection Mechanism Bypass Vulnerability
2021-12-13 00:00:00
nessus
nessus
Oracle Application Testing Suite (Jan 2022 CPU)
2022-01-21 00:00:00
Fedora 32 : python3.10 (2021-d5cde50865)
2021-02-16 00:00:00
Oracle Linux 8 : python36 (ELSA-2021-9129)
2021-03-23 00:00:00
cve
cve
CVE-2021-2351
2021-07-21 15:15:00
CVE-2021-3177
2021-01-19 06:15:00
osv
osv
CVE-2021-2351
2021-07-21 15:15:21
BIT-python-2021-3177
2024-03-06 11:06:34
ctypes: Buffer overflow in PyCArg_repr
2021-01-19 00:00:00
packetstorm
packetstorm
Oracle Database Protection Mechanism Bypass
2021-12-13 00:00:00
Oracle Database Weak NNE Integrity Key Derivation
2021-12-13 00:00:00
oraclelinux
oraclelinux
python3 security update
2021-03-10 00:00:00
python27:2.7 security update
2021-03-22 00:00:00
python security update
2021-03-15 00:00:00
fedora
fedora
[SECURITY] Fedora 33 Update: python2.7-2.7.18-8.fc33
2021-02-11 01:43:47
[SECURITY] Fedora 32 Update: python3.10-3.10.0~a5-1.fc32
2021-02-13 01:18:35
[SECURITY] Fedora 33 Update: mingw-python3-3.9.1-2.fc33
2021-01-30 01:55:18
openvas
openvas
Fedora: Security Advisory for python3.10 (FEDORA-2021-d5cde50865)
2021-02-14 00:00:00
Fedora: Security Advisory for python3.9 (FEDORA-2021-faf88b9499)
2021-01-23 00:00:00
Fedora: Security Advisory for python27 (FEDORA-2021-17668e344a)
2021-02-11 00:00:00
alpinelinux
alpinelinux
CVE-2021-3177
2021-01-19 06:15:00
amazon
amazon
Medium: python, python3
2021-02-19 01:27:00
Medium: python27, python36, python38
2021-02-23 20:18:00
f5
f5
K000133761 : Python vulnerability CVE-2021-3177
2023-05-10 00:00:00
ubuntucve
ubuntucve
CVE-2021-3177
2021-01-19 00:00:00
photon
photon
Critical Photon OS Security Update - PHSA-2021-0192
2021-02-11 00:00:00
Critical Photon OS Security Update - PHSA-2021-3.0-0192
2021-02-11 00:00:00
Home Download Photon OS User Documentation FAQ Security Advisories Related Information Lightwave - PHSA-2021-2.0-0317
2021-02-11 00:00:00
cbl_mariner
cbl_mariner
CVE-2021-3177 affecting package python3 3.7.9-4
2021-02-09 16:59:15
hackerone
hackerone
Internet Bug Bounty: Buffer overflow in PyCArg_repr in _ctypes/callproc.c for Python 3.x to 3.9.1
2021-01-22 09:48:45
veracode
veracode
Buffer Overflow
2021-01-21 19:51:33
debiancve
debiancve
CVE-2021-3177
2021-01-19 06:15:00
redhatcve
redhatcve
CVE-2021-3177
2021-01-20 08:55:23
mageia
mageia
Updated python and python3 packages fix security vulnerability
2021-02-04 16:40:24
redos
redos
ROS-2-453
2021-09-08 00:00:00
ROS-2-621
2021-09-08 00:00:00
ROS-2-577
2021-09-08 00:00:00
archlinux
archlinux
[ASA-202102-37] python: multiple issues
2021-02-27 00:00:00
cloudfoundry
cloudfoundry
USN-4754-4: Python 2.7 vulnerability | Cloud Foundry
2021-03-22 00:00:00
USN-4754-2: Python regression | Cloud Foundry
2021-03-02 00:00:00
USN-4754-1: Python vulnerabilities | Cloud Foundry
2021-03-02 00:00:00
ubuntu
ubuntu
Python vulnerability
2022-02-08 00:00:00
Python 2.7 vulnerability
2021-03-03 00:00:00
Python regression
2021-02-25 00:00:00
suse
suse
Security update for python (important)
2021-02-10 00:00:00
Security update for python3 (moderate)
2021-02-23 00:00:00
gentoo
gentoo
Python: Multiple vulnerabilities
2021-01-24 00:00:00
debian
debian
[SECURITY] [DLA 2919-1] python2.7 security update
2022-02-12 18:54:50
[SECURITY] [DLA 2619-1] python3.5 security update
2021-04-05 16:08:19
redhat
redhat
(RHSA-2022:5235) Moderate: python security update
2022-06-28 07:52:39
(RHSA-2021:1879) Moderate: python38:3.8 security update
2021-05-18 06:18:31
(RHSA-2021:1633) Moderate: python3 security update
2021-05-18 05:42:46
rocky
rocky
python38:3.8 security update
2021-05-18 06:18:31
almalinux
almalinux
Moderate: python38:3.8 security update
2021-05-18 06:18:31
Moderate: python3 security update
2021-05-18 05:42:46
centos
centos
python, tkinter security update
2022-08-02 19:15:12
JSON
Related for ORACLE_ENTERPRISE_MANAGER_OPS_CENTER_CPU_JAN_2022_UI.NASL
ibm8prion2cnvd1zdt2nessus67cve2osv13packetstorm2oraclelinux8fedora14openvas42alpinelinux1amazon2f51ubuntucve1photon4cbl_mariner1hackerone1veracode1debiancve1redhatcve1mageia1redos3archlinux1cloudfoundry3ubuntu4suse2gentoo1debian2redhat3rocky1almalinux2centos1