Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2020-2023 and is owned by Tenable, Inc. or an Affiliate thereof.ORACLE_ENTERPRISE_MANAGER_OPS_CENTER_JAN_2020_CPU.NASL
HistoryJan 20, 2020 - 12:00 a.m.

Oracle Enterprise Manager Ops Center (Jan 2020 CPU)

2020-01-2000:00:00
This script is Copyright (C) 2020-2023 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
38
JSON

The version of Oracle Enterprise Manager Ops Center installed on the remote host is affected by multiple vulnerabilities in Enterprise Manager Base Platform component:

  • An unspecified vulnerability in the Networking (Oracle Security Service) component of Oracle Enterprise Manager Ops Center. An easy to exploit vulnerability could allow unauthenticated attacker with network access via HTTPS to compromise Enterprise Manager Ops Center.
    A successful attack of this vulnerability can result in takeover of Enterprise Manager Ops Center. (CVE-2018-11058)

  • An unspecified vulnerability in the Networking (RSA Bsafe) component of Oracle Enterprise Manager Ops Center.
    A difficult to exploit vulnerability could allow a low privileged attacker with logon to the infrastructure where Enterprise Manager Ops Center executes to compromise Enterprise Manager Ops Center. A successful attack of this vulnerability can result in takeover of Enterprise Manager Ops Center. (CVE-2019-1547)

  • An unspecified vulnerability in the Networking (cURL) component of Oracle Enterprise Manager Ops Center.
    Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Enterprise Manager Ops Center. A successful attack of this vulnerability can result in takeover of Enterprise Manager Ops Center. (CVE-2019-5482)

#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#

include('deprecated_nasl_level.inc');
include("compat.inc");

if (description)
{
  script_id(133091);
  script_version("1.6");
  script_set_attribute(attribute:"plugin_modification_date", value:"2023/01/12");

  script_cve_id("CVE-2018-11058", "CVE-2019-1547", "CVE-2019-5482");
  script_xref(name:"IAVA", value:"2020-A-0150");
  script_xref(name:"IAVA", value:"2020-A-0481");

  script_name(english:"Oracle Enterprise Manager Ops Center (Jan 2020 CPU)");
  script_summary(english:"Checks for the patch ID.");

  script_set_attribute(attribute:"synopsis", value:
"An enterprise management application installed on the remote host is
affected by multiple vulnerabilities.");
  script_set_attribute(attribute:"description", value:
"The version of Oracle Enterprise Manager Ops Center installed on
the remote host is affected by multiple vulnerabilities in
Enterprise Manager Base Platform component:

  - An unspecified vulnerability in the Networking (Oracle
    Security Service) component of Oracle Enterprise Manager
    Ops Center. An easy to exploit vulnerability could allow
    unauthenticated attacker with network access via HTTPS
    to compromise Enterprise Manager Ops Center.
    A successful attack of this vulnerability can result in
    takeover of Enterprise Manager Ops Center. (CVE-2018-11058)

  - An unspecified vulnerability in the Networking (RSA
      Bsafe) component of Oracle Enterprise Manager Ops Center.
      A difficult to exploit vulnerability could allow a low
      privileged attacker with logon to the infrastructure where
      Enterprise Manager Ops Center executes to compromise
      Enterprise Manager Ops Center. A successful attack of this
      vulnerability can result in takeover of Enterprise Manager
      Ops Center. (CVE-2019-1547)

  - An unspecified vulnerability in the Networking (cURL)
    component of Oracle Enterprise Manager Ops Center.
    Easily exploitable vulnerability allows unauthenticated
    attacker with network access via multiple protocols to
    compromise Enterprise Manager Ops Center. A successful
    attack of this vulnerability can result in takeover of
    Enterprise Manager Ops Center. (CVE-2019-5482)");
  # https://www.oracle.com/security-alerts/cpujan2020.html
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?d22a1e87");
  # https://www.oracle.com/security-alerts/cpujan2020verbose.html#EM
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?91e1354f");
  script_set_attribute(attribute:"solution", value:
"Apply the appropriate patch according to the January 2020
Oracle Critical Patch Update advisory.");
  script_set_attribute(attribute:"agent", value:"unix");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2019-5482");

  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");

  script_set_attribute(attribute:"vuln_publication_date", value:"2020/01/14");
  script_set_attribute(attribute:"patch_publication_date", value:"2020/01/14");
  script_set_attribute(attribute:"plugin_publication_date", value:"2020/01/20");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:oracle:enterprise_manager_ops_center");
  script_set_attribute(attribute:"stig_severity", value:"I");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Misc.");

  script_copyright(english:"This script is Copyright (C) 2020-2023 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("oracle_enterprise_manager_ops_center_installed.nbin");
  script_require_keys("installed_sw/Oracle Enterprise Manager Ops Center");

  exit(0);
}

include('vcf_extras_oracle_em_ops_center.inc');

get_kb_item_or_exit('Host/local_checks_enabled');

var constraints = [
  {'min_version': '12.3.3.0', 'max_version': '12.3.3.9999', 'uce_patch': '30670631'},
  {'min_version': '12.4.0.0', 'max_version': '12.4.0.9999', 'uce_patch': '30670627'}
];

var app_info = vcf::oracle_em_ops_center::get_app_info();

vcf::oracle_em_ops_center::check_version_and_report(app_info:app_info, constraints:constraints, severity:SECURITY_HOLE);
VendorProductVersionCPE
oracleenterprise_manager_ops_centercpe:/a:oracle:enterprise_manager_ops_center

Related

prion 3
nessus 72
cve 3
checkpoint_advisories 1
oraclelinux 3
ibm 19
symantec 2
alpinelinux 2
redhat 6
osv 7
debian 4
ubuntu 2
openvas 41
centos 1
ubuntucve 2
redhatcve 2
veracode 2
f5 2
debiancve 2
openssl 1
fedora 2
slackware 2
cloudfoundry 2
suse 6
amazon 3
hackerone 1
photon 2
aix 1
gentoo 1
freebsd 2
prion
prion
Buffer overflow
2018-09-14 20:29:00
Heap overflow
2019-09-16 19:15:00
Design/Logic Flaw
2019-09-10 17:15:00
nessus
nessus
Oracle Access Manager (Oct 2020 CPU) (deprecated)
2020-12-11 00:00:00
Oracle Real User Experience Insight (Apr 2020 CPU)
2020-04-17 00:00:00
Oracle Linux 7 : curl (ELSA-2020-5562)
2020-03-10 00:00:00
cve
cve
CVE-2018-11058
2018-09-14 20:29:00
CVE-2019-5482
2019-09-16 19:15:00
CVE-2019-1547
2019-09-10 17:15:00
checkpoint_advisories
checkpoint_advisories
Haxx Curl Buffer Overflow (CVE-2019-5482)
2020-02-25 00:00:00
oraclelinux
oraclelinux
curl security update
2020-03-09 00:00:00
curl security update
2020-03-08 00:00:00
curl security update
2020-05-05 00:00:00
ibm
ibm
Security Bulletin: IBM Integrated Management Module II (IMM2) is affected by a libcurl security vulnerability (CVE-2019-5482)
2020-02-28 21:24:11
Security Bulletin: IBM Bootable Media Creator (BoMC) is affected by a vulnerability in cURL (CVE-2019-5482)
2020-06-24 18:53:55
Security Bulletin: A vulnerability in OpenSSL affects IBM Storage Protect Backup-Archive Client on Linux x86_64 and Microsoft Windows (CVE-2019-1547)
2023-10-31 14:40:39
symantec
symantec
curl/libcURL CVE-2019-5482 Heap Buffer Overflow Vulnerability
2019-08-31 00:00:00
OpenSSL CVE-2019-1547 Information Disclosure Vulnerability
2019-09-10 00:00:00
alpinelinux
alpinelinux
CVE-2019-5482
2019-09-16 19:15:00
CVE-2019-1547
2019-09-10 17:15:00
redhat
redhat
(RHSA-2021:0877) Moderate: curl security update
2021-03-16 13:07:11
(RHSA-2021:0759) Moderate: curl security update
2021-03-09 08:47:34
(RHSA-2021:1027) Moderate: curl security update
2021-03-30 07:24:22
osv
osv
curl - security update
2019-09-12 00:00:00
CVE-2019-5482
2019-09-16 19:15:10
CVE-2019-1547
2019-09-10 17:15:11
debian
debian
[SECURITY] [DLA 1917-1] curl security update
2019-09-13 08:18:00
[SECURITY] [DSA 4540-1] openssl1.0 security update
2019-10-01 20:27:44
[SECURITY] [DLA 1932-1] openssl security update
2019-09-25 21:56:34
ubuntu
ubuntu
curl vulnerability
2019-09-12 00:00:00
curl vulnerabilities
2019-09-11 00:00:00
openvas
openvas
Debian: Security Advisory (DLA-1917-1)
2019-09-14 00:00:00
SUSE: Security Advisory (SUSE-SU-2019:2339-2)
2021-04-19 00:00:00
Huawei EulerOS: Security Advisory for curl (EulerOS-SA-2019-2252)
2020-01-23 00:00:00
centos
centos
curl, libcurl security update
2020-10-20 17:52:24
ubuntucve
ubuntucve
CVE-2019-5482
2019-09-11 00:00:00
CVE-2019-1547
2019-09-10 00:00:00
redhatcve
redhatcve
CVE-2019-5482
2019-09-13 06:51:53
CVE-2019-1547
2019-11-03 09:38:16
veracode
veracode
Arbitrary Code Execution
2019-09-12 07:10:22
Side-Channel Attack
2019-09-11 07:19:08
f5
f5
K41523201 : cURL vulnerability CVE-2019-5482
2020-12-23 00:00:00
K73422160 : OpenSSL vulnerability CVE-2019-1547
2019-10-10 00:00:00
debiancve
debiancve
CVE-2019-5482
2019-09-16 19:15:00
CVE-2019-1547
2019-09-10 17:15:00
openssl
openssl
Vulnerability in OpenSSL CVE-2019-1547
2019-09-10 00:00:00
fedora
fedora
[SECURITY] Fedora 31 Update: curl-7.66.0-1.fc31
2019-09-21 00:04:17
[SECURITY] Fedora 31 Update: openssl-1.1.1d-1.fc31
2019-09-21 00:04:27
slackware
slackware
[slackware-security] curl
2019-09-12 05:20:08
[slackware-security] openssl
2019-09-12 05:20:57
cloudfoundry
cloudfoundry
USN-4129-1: curl vulnerabilities | Cloud Foundry
2019-09-30 00:00:00
PXC Release update for April 2020 MySQL security patches | Cloud Foundry
2020-08-10 00:00:00
suse
suse
Security update for curl (important)
2019-09-18 00:00:00
Security update for curl (important)
2019-09-24 00:00:00
Security update for openssl-1_1 (moderate)
2019-09-24 00:00:00
amazon
amazon
Medium: curl
2019-10-21 18:01:00
Medium: curl
2019-09-30 20:56:00
Important: openssl
2020-03-23 16:26:00
hackerone
hackerone
curl: Heap buffer overflow in TFTP when using small blksize
2019-08-29 15:52:19
photon
photon
Critical Photon OS Security Update - PHSA-2019-0032
2019-10-04 00:00:00
Critical Photon OS Security Update - PHSA-2019-3.0-0032
2019-10-04 00:00:00
aix
aix
There is a vulnerability in OpenSSL used by AIX.
2019-11-26 14:32:29
gentoo
gentoo
OpenSSL: Multiple vulnerabilities
2019-11-07 00:00:00
freebsd
freebsd
OpenSSL -- Multiple vulnerabilities
2019-09-10 00:00:00
curl -- multiple vulnerabilities
2019-09-11 00:00:00
JSON
Related for ORACLE_ENTERPRISE_MANAGER_OPS_CENTER_JAN_2020_CPU.NASL
prion3nessus72cve3checkpoint_advisories1oraclelinux3ibm19symantec2alpinelinux2redhat6osv7debian4ubuntu2openvas41centos1ubuntucve2redhatcve2veracode2f52debiancve2openssl1fedora2slackware2cloudfoundry2suse6amazon3hackerone1photon2aix1gentoo1freebsd2