Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2021-2023 and is owned by Tenable, Inc. or an Affiliate thereof.ORACLE_GOLDENGATE_CPU_OCT_2021.NASL
HistoryOct 22, 2021 - 12:00 a.m.

Oracle GoldenGate (Oct 2021 CPU)

2021-10-2200:00:00
This script is Copyright (C) 2021-2023 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
47

6.8 Medium

AI Score

Confidence

High

JSON

The All Supported Versions versions of GoldenGate installed on the remote host are affected by multiple vulnerabilities as referenced in the October 2021 CPU advisory.

  • Vulnerability in Oracle GoldenGate (component: Install (Dell BSAFE Crypto-J)). The supported version that is affected is Prior to 19.1.0.0.0.210420. Easily exploitable vulnerability allows unauthenticated attacker with network access via Oracle Net to compromise Oracle GoldenGate. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle GoldenGate accessible data. (CVE-2019-3740)

  • Security-in-Depth issue in Oracle GoldenGate (component: Install (jQuery)). This vulnerability cannot be exploited in the context of this product. (CVE-2020-11023)

  • Security-in-Depth issue in Oracle GoldenGate (component: General (Apache Batik)). This vulnerability cannot be exploited in the context of this product. (CVE-2020-11987)

Note that Nessus has not tested for this issue but has instead relied only on the application’s self-reported version number.

#%NASL_MIN_LEVEL 70300
##
# (C) Tenable Network Security, Inc.
##

include('deprecated_nasl_level.inc');
include('compat.inc');

if (description)
{
  script_id(154342);
  script_version("1.6");
  script_set_attribute(attribute:"plugin_modification_date", value:"2023/11/28");

  script_cve_id(
    "CVE-2011-4969",
    "CVE-2012-6708",
    "CVE-2015-9251",
    "CVE-2018-10237",
    "CVE-2019-3738",
    "CVE-2019-3739",
    "CVE-2019-3740",
    "CVE-2019-11358",
    "CVE-2019-17566",
    "CVE-2020-8908",
    "CVE-2020-11022",
    "CVE-2020-11023",
    "CVE-2020-11987"
  );
  script_xref(name:"CEA-ID", value:"CEA-2021-0004");
  script_xref(name:"CEA-ID", value:"CEA-2021-0025");

  script_name(english:"Oracle GoldenGate (Oct 2021 CPU)");

  script_set_attribute(attribute:"synopsis", value:
"The remote host is affected by multiple vulnerabilities");
  script_set_attribute(attribute:"description", value:
"The All Supported Versions versions of GoldenGate installed on the remote host are affected by multiple vulnerabilities
as referenced in the October 2021 CPU advisory.

  - Vulnerability in Oracle GoldenGate (component: Install (Dell BSAFE Crypto-J)). The supported version that is
    affected is Prior to 19.1.0.0.0.210420. Easily exploitable vulnerability allows unauthenticated attacker with
    network access via Oracle Net to compromise Oracle GoldenGate. Successful attacks require human interaction
    from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized
    access to critical data or complete access to all Oracle GoldenGate accessible data. (CVE-2019-3740)

  - Security-in-Depth issue in Oracle GoldenGate (component: Install (jQuery)). This vulnerability cannot be
    exploited in the context of this product. (CVE-2020-11023)
  
  - Security-in-Depth issue in Oracle GoldenGate (component: General (Apache Batik)). This vulnerability cannot 
    be exploited in the context of this product. (CVE-2020-11987)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version
number.");
  script_set_attribute(attribute:"see_also", value:"https://www.oracle.com/a/tech/docs/cpuoct2021cvrf.xml");
  script_set_attribute(attribute:"see_also", value:"https://www.oracle.com/security-alerts/cpuoct2021.html");
  script_set_attribute(attribute:"solution", value:
"Apply the appropriate patch according to the October 2021 Oracle Critical Patch Update advisory.");
  script_set_attribute(attribute:"agent", value:"all");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:N");
  script_set_cvss_temporal_vector("CVSS2#E:F/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:F/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2020-11987");

  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");

  script_set_attribute(attribute:"vuln_publication_date", value:"2021/10/19");
  script_set_attribute(attribute:"patch_publication_date", value:"2021/10/19");
  script_set_attribute(attribute:"plugin_publication_date", value:"2021/10/22");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:oracle:fusion_middleware");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:oracle:goldengate");
  script_set_attribute(attribute:"thorough_tests", value:"true");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Misc.");

  script_copyright(english:"This script is Copyright (C) 2021-2023 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("oracle_goldengate_installed.nbin");
  script_require_keys("Oracle/GoldenGate/Installed");

  exit(0);
}

include('vcf_extras_oracle.inc');

var app_info = vcf::oracle_goldengate::get_app_info();

var constraints = [
  {
    'min_version'   : '19.1' ,
    'fixed_version' : '19.1.0.0.211019',
    'fixed_display' : '19.1.0.0.211019 (33376981 / 33376978 / 33376975 / 33376964)'
  }
];

vcf::check_version_and_report(
  app_info:app_info,
  constraints:constraints,
  severity:SECURITY_WARNING
);
VendorProductVersionCPE
oraclefusion_middlewarecpe:/a:oracle:fusion_middleware
oraclegoldengatecpe:/a:oracle:goldengate

Related

ibm 60
atlassian 6
altlinux 1
hackerone 1
freebsd 2
nessus 32
fortinet 1
archlinux 1
mageia 2
openvas 23
intothesymmetry 1
osv 9
suse 3
attackerkb 2
githubexploit 2
hp 1
fedora 9
joomla 1
oraclelinux 1
debian 2
checkpoint_advisories 1
drupal 1
redhat 5
rocky 1
typo3 1
gentoo 1
ics 1
f5 3
debiancve 3
ubuntu 1
prion 3
zdt 1
github 4
cve 3
redhatcve 2
alpinelinux 1
packetstorm 1
securityvulns 1
ubuntucve 3
veracode 2
ibm
ibm
Security Bulletin: Multiple vulnerabilities in JQuery Java Script Library Affects IBM Watson Machine Learning Accelerator on Cloud Pak for Data
2023-12-06 16:31:43
Security Bulletin: API Connect is vulnerable to JQuery Cross-Site Scripting (XSS) and other vulnerabilities (CVE-2012-6708, CVE-2015-9251, CVE-2019-11358, CVE-2020-11022, CVE-2020-11023)
2022-10-21 22:10:10
Security Bulletin: Multiple vulnerabilities found in third party libraries used by IBM® MobileFirst Platform
2023-04-19 17:26:48
atlassian
atlassian
Update jQuery to avoid CVE-2020-11022, CVE-2020-11023, and CVE-2015-9251
2021-02-16 18:28:38
Jira uses vulnerable jQuery version CVE-2015-9251
2020-04-20 13:29:57
Update jQuery to avoid CVE-2020-11022 and CVE-2020-11023
2021-02-02 09:59:24
altlinux
altlinux
Security fix for the ALT Linux 9 package phpipam version 1.42.027-alt1
2020-10-21 00:00:00
hackerone
hackerone
Ruby: Ruby is shipping a vulnerable jQuery
2019-03-30 14:10:34
freebsd
freebsd
RDoc -- multiple jQuery vulnerabilities
2019-08-28 00:00:00
Cacti -- multiple vulnerabilities
2020-07-15 00:00:00
nessus
nessus
FreeBSD : RDoc -- multiple jQuery vulnerabilities (ed8d5535-ca78-11e9-980b-999ff59c22ea)
2019-08-30 00:00:00
Nutanix AOS : Multiple Vulnerabilities (NXSA-AOS-5.19)
2022-09-01 00:00:00
JQuery 1.2 < 3.5.0 Multiple XSS
2020-05-28 00:00:00
fortinet
fortinet
Protect
2019-04-10 00:00:00
archlinux
archlinux
[ASA-201910-4] ruby-rdoc: cross-site scripting
2019-10-02 00:00:00
mageia
mageia
Updated batik packages fix security vulnerabilities
2021-04-02 23:25:05
Updated batik packages fix a security vulnerability
2021-03-17 09:16:07
openvas
openvas
Mageia: Security Advisory (MGASA-2021-0168)
2022-01-28 00:00:00
openSUSE: Security Advisory for otrs (openSUSE-SU-2020:1888-1)
2020-11-10 00:00:00
Tenable Nessus Network Monitor < 5.13.0 Multiple Vulnerabilities (TNS-2021-02)
2022-12-20 00:00:00
intothesymmetry
intothesymmetry
Side channel timing attacks against (EC)DSA in RSA BSAFE CVE-2019-3739/CVE-2019-3740 - Project Wycheproof is the AFL for Cryptography
2019-08-16 09:18:00
osv
osv
jquery - security update
2021-03-25 00:00:00
drupal7 - security update
2020-05-26 00:00:00
Low: pcs security, bug fix, and enhancement update
2021-11-09 08:21:49
suse
suse
Security update for otrs (moderate)
2020-11-10 00:00:00
Security update for cacti, cacti-spine (moderate)
2020-07-28 00:00:00
Security update for cacti, cacti-spine (moderate)
2020-07-25 00:00:00
attackerkb
attackerkb
CVE-2020-11022
2020-04-29 00:00:00
CVE-2020-11023
2020-04-29 00:00:00
githubexploit
githubexploit
Exploit for Cross-site Scripting in Jquery
2021-10-16 01:10:33
Exploit for Cross-site Scripting in Jquery
2020-04-14 19:12:01
hp
hp
HPSBPI03688 rev. 1 - Certain HP Printer and MFP products - Cross-Site Scripting (XSS)
2020-09-17 00:00:00
fedora
fedora
[SECURITY] Fedora 32 Update: drupal8-8.9.0-1.fc32
2020-06-16 01:32:24
[SECURITY] Fedora 33 Update: drupal7-7.72-1.fc33
2020-09-25 17:15:48
[SECURITY] Fedora 34 Update: batik-1.14-1.fc34
2021-03-19 20:30:31
joomla
joomla
[20200604] - Core - XSS in jQuery.htmlPrefilter
2020-04-10 00:00:00
oraclelinux
oraclelinux
jquery-ui security update
2022-03-01 00:00:00
debian
debian
[SECURITY] [DSA 4693-1] drupal7 security update
2020-05-26 21:08:21
[SECURITY] [DLA 2608-1] jquery security update
2021-03-26 01:32:22
checkpoint_advisories
checkpoint_advisories
jQuery Cross Site Scripting (CVE-2020-11022; CVE-2020-11023)
2020-11-16 00:00:00
drupal
drupal
Drupal core - Moderately critical - Cross Site Scripting - SA-CORE-2020-002
2020-05-20 00:00:00
redhat
redhat
(RHSA-2020:4211) Moderate: Red Hat AMQ Interconnect 1.9.0 release and security update
2020-10-08 06:44:00
(RHSA-2022:7343) Important: pcs security update
2022-11-02 16:05:00
(RHSA-2021:4142) Low: pcs security, bug fix, and enhancement update
2021-11-09 08:21:49
rocky
rocky
pcs security, bug fix, and enhancement update
2021-11-09 08:21:49
typo3
typo3
Cross-Site Scripting in extension "Kitodo.Presentation" (dlf)
2020-07-29 00:00:00
gentoo
gentoo
Cacti: Multiple vulnerabilities
2020-07-26 00:00:00
ics
ics
Pepperl+Fuchs WirelessHART-Gateway
2022-04-07 12:00:00
f5
f5
K62532311 : jQuery vulnerability CVE-2012-6708
2018-11-28 00:00:00
K16967 : XSS vulnerability in jQuery CVE-2011-4969
2015-08-26 00:00:00
SOL16967 - XSS vulnerability in jQuery CVE-2011-4969
2015-08-26 00:00:00
debiancve
debiancve
CVE-2012-6708
2018-01-18 23:29:00
CVE-2011-4969
2013-03-08 22:55:00
CVE-2018-10237
2018-04-26 21:29:00
ubuntu
ubuntu
jQuery vulnerability
2013-02-13 00:00:00
prion
prion
Cross site scripting
2013-03-08 22:55:00
Cross site scripting
2018-01-18 23:29:00
Server side request forgery (ssrf)
2021-02-24 18:15:00
zdt
zdt
Linksys EA7500 2.0.8.194281 - Cross-Site Scripting Vulnerability
2021-03-24 00:00:00
github
github
Cross-Site Scripting in jquery
2020-09-01 16:41:46
jQuery vulnerable to Cross-Site Scripting (XSS)
2022-05-14 01:09:51
Persistent Cross-site Scripting vulnerability in PrivateBin
2022-04-12 20:45:22
cve
cve
CVE-2012-6708
2018-01-18 23:29:00
CVE-2011-4969
2013-03-08 22:55:00
CVE-2020-11987
2021-02-24 18:15:00
redhatcve
redhatcve
CVE-2012-6708
2020-04-08 21:22:26
CVE-2020-11987
2021-03-01 19:03:16
alpinelinux
alpinelinux
CVE-2012-6708
2018-01-18 23:29:00
packetstorm
packetstorm
Linksys EA7500 2.0.8.194281 Cross Site Scripting
2021-03-25 00:00:00
securityvulns
securityvulns
[USN-1722-1] jQuery vulnerability
2013-02-18 00:00:00
ubuntucve
ubuntucve
CVE-2012-6708
2018-01-18 00:00:00
CVE-2011-4969
2013-01-30 00:00:00
CVE-2020-11987
2021-02-24 00:00:00
veracode
veracode
XML External Entity (XXE)
2021-02-25 04:34:00
Denial Of Service (DoS)
2018-04-27 02:51:59

6.8 Medium

AI Score

Confidence

High

JSON
Related for ORACLE_GOLDENGATE_CPU_OCT_2021.NASL
ibm60atlassian6altlinux1hackerone1freebsd2nessus32fortinet1archlinux1mageia2openvas23intothesymmetry1osv9suse3attackerkb2githubexploit2hp1fedora9joomla1oraclelinux1debian2checkpoint_advisories1drupal1redhat5rocky1typo31gentoo1ics1f53debiancve3ubuntu1prion3zdt1github4cve3redhatcve2alpinelinux1packetstorm1securityvulns1ubuntucve3veracode2