Lucene search
This script is Copyright (C) 2023 and is owned by Tenable, Inc. or an Affiliate thereof.ORACLE_ENTERPRISE_MANAGER_OPS_CENTER_JUL_2020_CPU_UI.NASLHistoryJan 12, 2023 - 12:00 a.m.
Oracle Enterprise Manager Ops Center UI and Other Patches (Jul 2020 CPU)
2023-01-1200:00:00
This script is Copyright (C) 2023 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
4
The 12.4.0.0 versions of Enterprise Manager Ops Center installed on the remote host are affected by multiple vulnerabilities as referenced in the July 2020 CPU advisory.
-
Vulnerability in the Enterprise Manager Ops Center product of Oracle Enterprise Manager (component:
Apache Log4j). The supported version that is affected is 12.4.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access to compromise Oracle Enterprise Manager Ops Center.
Successful attacks of this vulnerability can result in takeover of Oracle Enterprise Manager Ops Center.
(CVE-2017-5645) -
Vulnerability in the Enterprise Manager Ops Center product of Oracle Enterprise Manager (component:
Networking (Apache Ant)). The supported version that is affected is 12.4.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Enterprise Manager Ops Center. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Enterprise Manager Ops Center accessible data as well as unauthorized access to critical data or complete access to all Enterprise Manager Ops Center accessible data (CVE-2020-1945).
Note that Nessus has not tested for this issue but has instead relied only on the application’s self-reported version number.
#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
##
include('compat.inc');
if (description)
{
script_id(169979);
script_version("1.3");
script_set_attribute(attribute:"plugin_modification_date", value:"2023/09/07");
script_cve_id("CVE-2017-5645", "CVE-2020-1945");
script_xref(name:"IAVA", value:"2020-A-0326");
script_xref(name:"CEA-ID", value:"CEA-2021-0025");
script_xref(name:"CEA-ID", value:"CEA-2021-0004");
script_name(english:"Oracle Enterprise Manager Ops Center UI and Other Patches (Jul 2020 CPU)");
script_set_attribute(attribute:"synopsis", value:
"The remote host is affected by multiple vulnerabilities");
script_set_attribute(attribute:"description", value:
"The 12.4.0.0 versions of Enterprise Manager Ops Center installed on the remote host are affected by multiple
vulnerabilities as referenced in the July 2020 CPU advisory.
- Vulnerability in the Enterprise Manager Ops Center product of Oracle Enterprise Manager (component:
Apache Log4j). The supported version that is affected is 12.4.0.0. Easily exploitable vulnerability allows
unauthenticated attacker with network access to compromise Oracle Enterprise Manager Ops Center.
Successful attacks of this vulnerability can result in takeover of Oracle Enterprise Manager Ops Center.
(CVE-2017-5645)
- Vulnerability in the Enterprise Manager Ops Center product of Oracle Enterprise Manager (component:
Networking (Apache Ant)). The supported version that is affected is 12.4.0.0. Easily exploitable
vulnerability allows unauthenticated attacker with network access via HTTP to compromise Enterprise
Manager Ops Center. Successful attacks of this vulnerability can result in unauthorized creation,
deletion or modification access to critical data or all Enterprise Manager Ops Center accessible data as
well as unauthorized access to critical data or complete access to all Enterprise Manager Ops Center
accessible data (CVE-2020-1945).
Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version
number.");
script_set_attribute(attribute:"see_also", value:"https://www.oracle.com/a/tech/docs/cpujul2020cvrf.xml");
script_set_attribute(attribute:"see_also", value:"https://www.oracle.com/security-alerts/cpujul2020.html");
script_set_attribute(attribute:"solution", value:
"Apply the appropriate patch according to the July 2020 Oracle Critical Patch Update advisory.");
script_set_attribute(attribute:"agent", value:"all");
script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
script_set_cvss_temporal_vector("CVSS2#E:F/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
script_set_cvss3_temporal_vector("CVSS:3.0/E:F/RL:O/RC:C");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2017-5645");
script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
script_set_attribute(attribute:"exploit_available", value:"true");
script_set_attribute(attribute:"vuln_publication_date", value:"2020/07/14");
script_set_attribute(attribute:"patch_publication_date", value:"2020/07/14");
script_set_attribute(attribute:"plugin_publication_date", value:"2023/01/12");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"cpe:/a:oracle:enterprise_manager_ops_center");
script_set_attribute(attribute:"stig_severity", value:"I");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"Misc.");
script_copyright(english:"This script is Copyright (C) 2023 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("oracle_enterprise_manager_ops_center_installed.nbin");
script_require_keys("installed_sw/Oracle Enterprise Manager Ops Center");
exit(0);
}
include('vcf_extras_oracle_em_ops_center.inc');
get_kb_item_or_exit('Host/local_checks_enabled');
var constraints = [
{'min_version': '12.4.0.0', 'max_version': '12.4.0.9999', 'ui_patch': '31470640'}
];
var app_info = vcf::oracle_em_ops_center::get_app_info();
vcf::oracle_em_ops_center::check_version_and_report(app_info:app_info, constraints:constraints, severity:SECURITY_HOLE);
| Vendor | Product | Version | CPE |
|---|---|---|---|
| oracle | enterprise_manager_ops_center | cpe:/a:oracle:enterprise_manager_ops_center |
Related
oraclelinux
oraclelinux
log4j security update
2017-08-09 00:00:00
log4j security update
2022-05-23 00:00:00
seebug
seebug
Apache Log4j socket receiver deserialization vulnerability (CVE-2017-5645)
2017-04-18 00:00:00
fedora
fedora
[SECURITY] Fedora 24 Update: log4j-2.5-3.fc24
2017-05-04 18:26:42
[SECURITY] Fedora 26 Update: log4j-2.7-4.fc26
2017-05-02 15:59:49
[SECURITY] Fedora 24 Update: log4j12-1.2.17-19.fc24
2017-06-12 19:29:11
veracode
veracode
Remote Code Execution (RCE)
2019-01-15 09:17:41
Insecure Temporary Directory
2020-05-15 05:16:57
Remote Code Execution (RCE)
2017-04-18 01:36:45
openvas
openvas
Oracle BI Publisher Code Execution Vulnerability (cpuoct2018)
2018-10-18 00:00:00
Fedora Update for log4j12 FEDORA-2017-8348115acd
2017-06-13 00:00:00
RedHat Update for log4j RHSA-2017:2423-01
2017-08-08 00:00:00
symantec
symantec
Apache Log4j CVE-2017-5645 Remote Code Execution Vulnerability
2017-04-17 00:00:00
osv
osv
Deserialization of Untrusted Data in Log4j
2020-01-06 18:43:38
CVE-2017-5645
2017-04-17 21:59:00
Sensitive Data Exposure in Apache Ant
2020-09-14 18:13:29
checkpoint_advisories
checkpoint_advisories
Apache Log4j Remote Code Execution (CVE-2017-5645)
2022-01-02 00:00:00
redhat
redhat
cve
cve
nessus
nessus
Fedora 24 : log4j12 (2017-7e0ff7f73a)
2017-06-13 00:00:00
Fedora 25 : log4j12 (2017-8348115acd)
2017-06-13 00:00:00
Scientific Linux Security Update : log4j on SL7.x (noarch) (20170807)
2017-08-22 00:00:00
f5
f5
K23173103 : log4j vulnerability CVE-2017-5645
2018-01-31 00:00:00
github
github
Deserialization of Untrusted Data in Log4j
2020-01-06 18:43:38
Sensitive Data Exposure in Apache Ant
2020-09-14 18:13:29
Code injection in Apache Ant
2021-02-03 19:16:35
debiancve
debiancve
ubuntucve
ubuntucve
prion
prion
Code injection
2017-04-17 21:59:00
Design/Logic Flaw
2020-05-14 16:15:00
Design/Logic Flaw
2020-10-01 20:15:00
myhack58
myhack58
ibm
ibm
ubuntu
ubuntu
Apache Ant vulnerability
2020-06-01 00:00:00
Apache Ant vulnerability
2021-03-15 00:00:00
photon
photon
Moderate Photon OS Security Update - PHSA-2020-0099
2020-06-01 00:00:00
Home
Download Photon OS
User Documentation
FAQ
Security Advisories
Related Information
Lightwave - PHSA-2020-2.0-0247
2020-05-30 00:00:00
Moderate Photon OS Security Update - PHSA-2020-3.0-0099
2020-06-01 00:00:00
redhatcve
redhatcve
archlinux
archlinux
[ASA-202005-15] ant: arbitrary command execution
2020-05-20 00:00:00
[ASA-202012-5] ant: arbitrary code execution
2020-12-05 00:00:00
gentoo
gentoo
Apache Ant: Multiple vulnerabilities
2020-07-27 00:00:00
mageia
mageia
Updated ant packages fix security vulnerability
2020-05-27 21:17:37
Updated ant packages fix security vulnerability
2021-04-03 16:16:06
suse
suse
Security update for ant (moderate)
2020-07-20 00:00:00
alpinelinux
alpinelinux
CVE-2020-1945
2020-05-14 16:15:00
CVE-2020-11979
2020-10-01 20:15:00
freebsd
freebsd
Apache Ant leaks sensitive information via the java.io.tmpdir
2020-05-14 00:00:00
rosalinux
rosalinux
Advisory ROSA-SA-2021-1805
2021-07-02 16:31:56
githubexploit
githubexploit
Exploit for Deserialization of Untrusted Data in Apache Log4J
2019-12-25 16:46:11
centos
centos
log4j security update
2017-08-31 18:57:53
amazon
amazon
Important: log4j
2022-01-18 20:15:00
Medium: log4j
2022-01-18 21:37:00
attackerkb
attackerkb
CVE-2019-17571
2019-12-20 00:00:00
Related for ORACLE_ENTERPRISE_MANAGER_OPS_CENTER_JUL_2020_CPU_UI.NASL