Oracle Enterprise Manager Ops Center (Oct 2019 CPU)

2020-01-17T00:00:00
ID ORACLE_ENTERPRISE_MANAGER_OPS_CENTER_OCT_2019_CPU.NASL
Type nessus
Reporter This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
Modified 2020-01-17T00:00:00

Description

The version of Oracle Enterprise Manager Ops Center installed on the remote host is affected by multiple vulnerabilities in the Enterprise Manager Base Platform component:

  • An unspecified vulnerability in the Networking (cURL) component of Oracle Enterprise Manager Ops Center. An easy to exploit vulnerability could allow an unauthenticated attacker with network access via HTTPS to compromise Enterprise Manager Ops Center. A successful attack of this vulnerability can result in takeover of Enterprise Manager Ops Center. (CVE-2019-5443)

  • An unspecified vulnerability in the Networking (jQuery) component of Oracle Enterprise Manager Ops Center. A difficult to exploit vulnerability could allow a low privileged attacker with logon to the infrastructure where Enterprise Manager Ops Center executes to compromise Enterprise Manager Ops Center. A successful attack of this vulnerability can result in unauthorized access of Enterprise Manager Ops Center data. (CVE-2019-11358)

  • An unspecified vulnerability in the OS Provisioning (Apache HTTP Server) component of Oracle Enterprise Manager Ops Center. An easily exploitable vulnerability could allow an unauthenticated attacker with network access via multiple protocols to compromise Enterprise Manager Ops Center. A successful attack of this vulnerability can result in unauthorized access of Enterprise Manager Ops Center data. (CVE-2019-9517)

                                        
                                            #
# (C) Tenable Network Security, Inc.
#

include('compat.inc');

# Description block: registers this plugin's metadata (IDs, references,
# report text, CVSS vectors, dependencies) and then exits, so none of the
# detection logic further down runs in this mode.
if (description)
{
  script_id(133057);
  script_version("1.3");
  script_set_attribute(attribute:"plugin_modification_date", value:"2020/05/06");

  # The three CVEs listed here are the same three itemised in the
  # description text below.
  script_cve_id("CVE-2019-5443", "CVE-2019-9517", "CVE-2019-11358");
  script_bugtraq_id(108023, 108881);
  script_xref(name:"IAVA", value:"2019-A-0384");
  script_xref(name:"IAVA", value:"2020-A-0150");

  script_name(english:"Oracle Enterprise Manager Ops Center (Oct 2019 CPU)");
  # The check compares the installed patch level against a fixed level; it
  # does not probe or exercise any of the listed vulnerabilities.
  script_summary(english:"Checks for the patch ID.");

  script_set_attribute(attribute:"synopsis", value:
"An enterprise management application installed on the remote host is
affected by multiple vulnerabilities.");
  script_set_attribute(attribute:"description", value:
"The version of Oracle Enterprise Manager Ops Center installed on
the remote host is affected by multiple vulnerabilities in
Enterprise Manager Base Platform component:

  - An unspecified vulnerability in the Networking (cURL)
    component of Oracle Enterprise Manager Ops Center. 
    An easy to exploit vulnerability could allow an
    unauthenticated attacker with network access via HTTPS
    to compromise Enterprise Manager Ops Center.
    A successful attack of this vulnerability can result in
    takeover of Enterprise Manager Ops Center. (CVE-2019-5443)

  - An unspecified vulnerability in the Networking (jQuery)
    component of Oracle Enterprise Manager Ops Center.
    A difficult to exploit vulnerability could allow a low
    privileged attacker with logon to the infrastructure where
    Enterprise Manager Ops Center executes to compromise
    Enterprise Manager Ops Center. A successful attack of this
    vulnerability can result in unauthorized access of Enterprise
    Manager Ops Center data. (CVE-2019-11358)

  - An unspecified vulnerability in the OS Provisioning
    (Apache HTTP Server) component of Oracle Enterprise
    Manager Ops Center. An easily exploitable vulnerability
    could allow an unauthenticated attacker with network
    access via multiple protocols to compromise Enterprise
    Manager Ops Center. A successful attack of this
    vulnerability can result in unauthorized access of
    Enterprise Manager Ops Center data. (CVE-2019-9517)");
  # https://www.oracle.com/security-alerts/cpuoct2019.html
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?2c94f8e4");
  # https://www.oracle.com/security-alerts/cpuoct2019verbose.html#EM
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?17ac9b74");
  script_set_attribute(attribute:"solution", value:
"Apply the appropriate patch according to the October 2019
Oracle Critical Patch Update advisory.");
  script_set_attribute(attribute:"agent", value:"unix");
  # NOTE(review): both base vectors describe a local attack (AV:L, plus PR:L
  # in the CVSS v3 vector) and cvss_score_source names CVE-2019-5443, yet the
  # description text above presents that CVE as reachable by an
  # unauthenticated attacker over HTTPS. Confirm against the vendor advisory
  # which exposure applies before relying on this score for prioritisation.
  script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2019-5443");

  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");

  script_set_attribute(attribute:"vuln_publication_date", value:"2019/10/15");
  script_set_attribute(attribute:"patch_publication_date", value:"2019/10/15");
  script_set_attribute(attribute:"plugin_publication_date", value:"2020/01/17");

  # Declared as a local check; the main body also requires
  # 'Host/local_checks_enabled', so an unauthenticated scan yields no finding
  # from this plugin either way.
  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:oracle:enterprise_manager_ops_center");
  script_set_attribute(attribute:"stig_severity", value:"I");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Misc.");

  script_copyright(english:"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.");

  # Relies on the install-detection plugin having recorded an Ops Center
  # install in the KB; the install data read by the main body comes from there.
  script_dependencies("oracle_enterprise_manager_ops_center_installed.nbin");
  script_require_keys("installed_sw/Oracle Enterprise Manager Ops Center");

  # Metadata is registered; nothing else to do in description mode.
  exit(0);
}

include('global_settings.inc');
include('misc_func.inc');
include('install_func.inc');

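# Main check: compare the installed Ops Center patch level against the level
# shipped with the October 2019 CPU and report when it is older.

# Credentialed check only: stop unless local checks are enabled for the host.
get_kb_item_or_exit('Host/local_checks_enabled');
app_name = 'Oracle Enterprise Manager Ops Center';

# exit_if_unknown_ver guards install['version'] only; the patch-level fields
# used for the actual decision are validated separately below.
install = get_single_install(app_name:app_name, exit_if_unknown_ver:TRUE);
version = install['version'];
version_full = install['Full Patch Version'];
path = install['path'];
patch_version = install['Patch Version'];

# Fail closed on missing data. Without these two fields a missing value would
# fall through to a "not affected" / "not vulnerable" audit result, which
# reads as a clean host when the patch level was in fact never determined.
if (isnull(version_full) || isnull(patch_version))
  audit(AUDIT_UNKNOWN_APP_VER, app_name);

patchid = NULL;
fix = NULL;

# Map each covered release branch to its patch ID and the patch level that
# contains the fix. Branches not listed here are treated as not affected.
if (version_full =~ "^12\.3\.3\.")
{
  patchid = '30295408';
  fix = '1831';
}
else if (version_full =~ "^12\.4\.0\.")
{
  patchid = '30295414';
  fix = '1400';
}

if (isnull(patchid))
  audit(AUDIT_HOST_NOT, 'affected');

# NOTE(review): ver_compare is assumed to return NULL when it cannot parse its
# input - confirm against misc_func.inc. A NULL result would satisfy '!= -1'
# and be audited as not vulnerable, so it is handled explicitly first.
cmp = ver_compare(ver:patch_version, fix:fix, strict:FALSE);
if (isnull(cmp))
  audit(AUDIT_UNKNOWN_APP_VER, app_name);

# Anything at or above the fixed patch level is not vulnerable.
if (cmp != -1)
  audit(AUDIT_INST_PATH_NOT_VULN, app_name, version_full, path);

# Report the installed and required patch levels so the finding can be
# verified on the host and remediated with the named patch.
report =
  '\n Path                : ' + path +
  '\n Version             : ' + version +
  '\n Ops Agent Version   : ' + version_full +
  '\n Current Patch       : ' + patch_version +
  '\n Fixed Patch Version : ' + fix +
  '\n Fix                 : ' + patchid;

security_report_v4(extra:report, severity:SECURITY_WARNING, port:0);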