Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2019-2023 and is owned by Tenable, Inc. or an Affiliate thereof.ORACLE_ENTERPRISE_MANAGER_OPS_CENTER_JAN_2019_CPU.NASL
HistoryNov 21, 2019 - 12:00 a.m.

Oracle Enterprise Manager Ops Center (Jan 2019 CPU)

2019-11-2100:00:00
This script is Copyright (C) 2019-2023 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
19
JSON

The version of Oracle Enterprise Manager Cloud Control installed on the remote host is affected by multiple vulnerabilities in Enterprise Manager Base Platform component:

  • An unspecified vulnerability in the subcomponent Networking (jQuery) of Enterprise Manager Ops Center. Supported versions that are affected are 12.2.2 and 12.3.3. An easy to exploit vulnerability could allow an unauthenticated attacker with network access via HTTP to compromise Enterprise Manager Ops Center. A successful attacks requires human interaction and can result in unauthorized update, insert or delete access to some of Enterprise Manager Ops Center accessible data.
    (CVE-2015-9251)

  • An unspecified vulnerability in the subcomponent Networking (OpenSSL) of the Enterprise Manager Ops Center. Supported versions that are affected are 12.2.2 and 12.3.3. An easy to exploit vulnerability could allow an unauthenticated attacker with network access via HTTPS to compromise Enterprise Manager Ops Center. A successful attack of this vulnerability could result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Enterprise Manager Ops Center. (CVE-2018-0732)

  • An unspecified vulnerability in the subcomponent Networking (cURL) of Enterprise Manager Ops Center. Supported versions that are affected are 12.2.2 and 12.3.3. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise Enterprise Manager Ops Center.
    A successful attack requires human interaction from a person other than the attacker and can result in takeover of Enterprise Manager Ops Center. (CVE-2018-1000300)

#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#

include('deprecated_nasl_level.inc');
include("compat.inc");

if (description)
{
  script_id(131184);
  script_version("1.4");
  script_set_attribute(attribute:"plugin_modification_date", value:"2023/01/12");

  script_cve_id(
    "CVE-2015-9251",
    "CVE-2017-3735",
    "CVE-2017-3736",
    "CVE-2017-3738",
    "CVE-2018-0732",
    "CVE-2018-0733",
    "CVE-2018-0737",
    "CVE-2018-0739",
    "CVE-2018-1000120",
    "CVE-2018-1000121",
    "CVE-2018-1000122",
    "CVE-2018-1000300",
    "CVE-2018-1000301"
  );

  script_name(english:"Oracle Enterprise Manager Ops Center (Jan 2019 CPU)");
  script_summary(english:"Checks for the patch ID.");

  script_set_attribute(attribute:"synopsis", value:
"An enterprise management application installed on the remote host is
affected by multiple vulnerabilities.");
  script_set_attribute(attribute:"description", value:
"The version of Oracle Enterprise Manager Cloud Control installed on
the remote host is affected by multiple vulnerabilities in
Enterprise Manager Base Platform component:

  - An unspecified vulnerability in the subcomponent Networking
    (jQuery) of Enterprise Manager Ops Center. Supported versions
    that are affected are 12.2.2 and 12.3.3. An easy to exploit
    vulnerability could allow an unauthenticated attacker with
    network access via HTTP to compromise Enterprise Manager Ops
    Center. A successful attacks requires human interaction and
    can result in unauthorized update, insert or delete access
    to some of Enterprise Manager Ops Center accessible data.
    (CVE-2015-9251)

  - An unspecified vulnerability in the subcomponent Networking
    (OpenSSL) of the Enterprise Manager Ops Center. Supported
    versions that are affected are 12.2.2 and 12.3.3. An easy
    to exploit vulnerability could allow an unauthenticated
    attacker with network access via HTTPS to compromise
    Enterprise Manager Ops Center. A successful attack of this
    vulnerability could result in unauthorized ability to cause
    a hang or frequently repeatable crash (complete DOS) of
    Enterprise Manager Ops Center. (CVE-2018-0732)

  - An unspecified vulnerability in the subcomponent Networking
    (cURL) of Enterprise Manager Ops Center. Supported versions
    that are affected are 12.2.2 and 12.3.3. Difficult to exploit
    vulnerability allows unauthenticated attacker with network
    access via HTTP to compromise Enterprise Manager Ops Center.
    A successful attack requires human interaction from a person
    other than the attacker and can result in takeover of
    Enterprise Manager Ops Center. (CVE-2018-1000300)");
  # https://www.oracle.com/security-alerts/cpujan2019.html
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?69d7e6bf");
  script_set_attribute(attribute:"solution", value:
"Apply the appropriate patch according to the January 2019
Oracle Critical Patch Update advisory.");
  script_set_attribute(attribute:"agent", value:"unix");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2018-1000300");

  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");

  script_set_attribute(attribute:"vuln_publication_date", value:"2019/01/16");
  script_set_attribute(attribute:"patch_publication_date", value:"2019/01/16");
  script_set_attribute(attribute:"plugin_publication_date", value:"2019/11/21");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:oracle:enterprise_manager_ops_center");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Misc.");

  script_copyright(english:"This script is Copyright (C) 2019-2023 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("oracle_enterprise_manager_ops_center_installed.nbin");
  script_require_keys("installed_sw/Oracle Enterprise Manager Ops Center");

  exit(0);
}

include('vcf_extras_oracle_em_ops_center.inc');

get_kb_item_or_exit('Host/local_checks_enabled');

var constraints = [
  {'min_version': '12.2.2.0', 'max_version': '12.2.2.9999', 'uce_patch': '29215911', 'ui_patch': '29215902'},
  {'min_version': '12.3.3.0', 'max_version': '12.3.3.9999', 'uce_patch': '29215911', 'ui_patch': '29215902'}
];

var app_info = vcf::oracle_em_ops_center::get_app_info();

vcf::oracle_em_ops_center::check_version_and_report(app_info:app_info, constraints:constraints, severity:SECURITY_HOLE);
VendorProductVersionCPE
oracleenterprise_manager_ops_centercpe:/a:oracle:enterprise_manager_ops_center

Related

nessus 76
ibm 17
openvas 35
ubuntu 3
amazon 6
fedora 8
osv 2
archlinux 12
debian 2
redhat 4
mageia 2
altlinux 2
photon 4
cloudfoundry 2
oraclelinux 7
centos 2
slackware 2
gentoo 4
tenable 2
suse 2
paloalto 1
freebsd 1
cloudlinux 1
symantec 2
nessus
nessus
Oracle Fusion Middleware Oracle HTTP Server Multiple Vulnerabilities (October 2018 CPU)
2019-04-16 00:00:00
Oracle Secure Global Desktop Multiple Vulnerabilities (July 2018 CPU)
2018-07-25 00:00:00
EulerOS 2.0 SP3 : curl (EulerOS-SA-2018-1203)
2018-07-03 00:00:00
ibm
ibm
Security Bulletin: IBM Flex System Chassis Management Module (CMM) is affected by vulnerabilities in curl
2023-12-07 22:45:02
Security Bulletin: IBM Integrated Management Module II (IMM2) is affected by vulnerabilities in curl
2023-12-07 22:45:02
Security Bulletin: Multiple Vulnerabilities in OpenSSL affect IBM Worklight and IBM MobileFirst Platform Foundation
2018-10-12 18:00:01
openvas
openvas
Ubuntu: Security Advisory (USN-3598-2)
2022-08-26 00:00:00
Mageia: Security Advisory (MGASA-2018-0423)
2022-01-28 00:00:00
Fedora Update for curl FEDORA-2018-66c96e0024
2018-03-21 00:00:00
ubuntu
ubuntu
curl vulnerabilities
2018-05-24 00:00:00
curl vulnerabilities
2018-03-15 00:00:00
curl vulnerabilities
2018-05-16 00:00:00
amazon
amazon
Medium: nss-pem
2019-01-07 21:51:00
Medium: curl
2018-04-19 04:55:00
Medium: curl
2018-04-19 04:56:00
fedora
fedora
[SECURITY] Fedora 27 Update: curl-7.55.1-10.fc27
2018-03-20 18:26:44
[SECURITY] Fedora 28 Update: curl-7.59.0-2.fc28
2018-03-30 13:33:07
[SECURITY] Fedora 26 Update: curl-7.53.1-16.fc26
2018-03-20 17:38:42
osv
osv
curl - security update
2018-03-18 00:00:00
curl - security update
2018-03-14 00:00:00
archlinux
archlinux
[ASA-201803-15] curl: multiple issues
2018-03-19 00:00:00
[ASA-201803-20] lib32-libcurl-gnutls: multiple issues
2018-03-19 00:00:00
[ASA-201803-18] lib32-libcurl-compat: multiple issues
2018-03-19 00:00:00
debian
debian
[SECURITY] [DLA 1309-1] curl security update
2018-03-18 21:22:09
[SECURITY] [DSA 4136-1] curl security update
2018-03-14 21:36:51
redhat
redhat
(RHSA-2018:3157) Moderate: curl and nss-pem security and bug fix update
2018-10-30 04:24:21
(RHSA-2020:0544) Moderate: curl security update
2020-02-18 13:56:21
(RHSA-2020:0594) Moderate: curl security update
2020-02-25 11:32:48
mageia
mageia
Updated curl packages fix security vulnerabilities
2018-10-30 21:01:43
Updated openssl packages fix security vulnerabilities
2018-09-02 22:07:30
altlinux
altlinux
Security fix for the ALT Linux 8 package curl version 7.59.0-alt1
2018-03-31 00:00:00
Security fix for the ALT Linux 8 package curl version 7.60.0-alt1
2018-05-16 00:00:00
photon
photon
Home Download Photon OS User Documentation FAQ Security Advisories Related Information Lightwave - PHSA-2018-1.0-0124
2018-04-13 00:00:00
Critical Photon OS Security Update - PHSA-2018-0124
2018-04-13 00:00:00
Home Download Photon OS User Documentation FAQ Security Advisories Related Information Lightwave - PHSA-2018-1.0-0158
2018-07-09 00:00:00
cloudfoundry
cloudfoundry
USN-3598-1: curl vulnerabilities | Cloud Foundry
2018-04-04 00:00:00
USN-3648-1: curl vulnerabilities | Cloud Foundry
2018-06-05 00:00:00
oraclelinux
oraclelinux
curl and nss-pem security and bug fix update
2018-11-05 00:00:00
openssl security update
2018-11-06 00:00:00
openssl security, bug fix, and enhancement update
2018-11-05 00:00:00
centos
centos
curl, libcurl, nss security update
2018-11-15 18:44:09
openssl security update
2018-11-15 18:50:49
slackware
slackware
[slackware-security] curl
2018-03-16 04:18:28
[slackware-security] curl
2018-05-17 04:13:54
gentoo
gentoo
OpenSSL: Multiple vulnerabilities
2018-11-28 00:00:00
cURL: Multiple vulnerabilities
2018-06-19 00:00:00
cURL: Multiple vulnerabilities
2018-04-08 00:00:00
tenable
tenable
[R1] Nessus Agent 7.1.0 Fixes Multiple Third-party Vulnerabilities
2018-06-14 16:02:13
[R1] Nessus Agent 7.1.0 Fixes Multiple Third-party Vulnerabilities
2018-06-14 16:02:13
suse
suse
Security update for compat-openssl098 (moderate)
2018-09-12 12:09:38
Security update for curl (moderate)
2018-06-09 15:09:49
paloalto
paloalto
OpenSSL Vulnerabilities in PAN-OS
2018-10-11 00:00:00
freebsd
freebsd
cURL -- multiple vulnerabilities
2018-05-16 00:00:00
cloudlinux
cloudlinux
Fix of CVE: CVE-2018-0739, CVE-2018-0737, CVE-2021-3712, CVE-2018-0732
2021-09-21 22:11:57
symantec
symantec
SA166: OpenSSL Vulnerabilities 27-Mar-2018
2018-05-22 08:00:00
OpenSSL Vulnerabilities 16-Apr-2018 and 12-Jun-2018
2018-10-10 08:01:01
JSON
Related for ORACLE_ENTERPRISE_MANAGER_OPS_CENTER_JAN_2019_CPU.NASL
nessus76ibm17openvas35ubuntu3amazon6fedora8osv2archlinux12debian2redhat4mageia2altlinux2photon4cloudfoundry2oraclelinux7centos2slackware2gentoo4tenable2suse2paloalto1freebsd1cloudlinux1symantec2