Lucene search

K
nessusThis script is Copyright (C) 2023-2024 and is owned by Tenable, Inc. or an Affiliate thereof.ORACLE_PRIMAVERA_GATEWAY_CPU_JAN_2023.NASL
HistoryJan 20, 2023 - 12:00 a.m.

Oracle Primavera Gateway (Jan 2023 CPU)

2023-01-2000:00:00
This script is Copyright (C) 2023-2024 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
21
oracle primavera gateway
jan 2023 cpu
vulnerabilities
admin
google protobuf-java
jackson-databind
apache commons text
webui
http
cve-2022-3171
cve-2022-42003
cve-2022-42889
cve-2023-21888
unauthorized access
dos
compromise

AI Score

8.5

Confidence

High

EPSS

0.971

Percentile

99.8%

The versions of Primavera Gateway installed on the remote host are affected by multiple vulnerabilities as referenced in the January 2023 CPU advisory.

  • Vulnerability in the Primavera Gateway product of Oracle Construction and Engineering (component: Admin (Google Protobuf-Java)). Supported versions that are affected are 18.8.0-18.8.15, 19.12.0-19.12.15, 20.12.0-20.12.10 and 21.12.0-21.12.8. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Primavera Gateway. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Primavera Gateway (CVE-2022-3171)

  • Vulnerability in the Primavera Gateway product of Oracle Construction and Engineering (component: Admin (jackson-databind)). Supported versions that are affected are 18.8.0-18.8.15, 19.12.0-19.12.15, 20.12.0-20.12.10 and 21.12.0-21.12.8. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Primavera Gateway. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Primavera Gateway. (CVE-2022-42003)

  • Vulnerability in the Primavera Gateway product of Oracle Construction and Engineering (component: Admin (Apache Commons Text)). Supported versions that are affected are 18.8.0-18.8.15, 19.12.0-19.12.15, 20.12.0-20.12.10 and 21.12.0-21.12.8. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Primavera Gateway. Successful attacks of this vulnerability can result in takeover of Primavera Gateway. (CVE-2022-42889)

  • Vulnerability in the Primavera Gateway product of Oracle Construction and Engineering (component: WebUI).
    Supported versions that are affected are 18.8.0-18.8.15, 19.12.0-19.12.15, 20.12.0-20.12.10 and 21.12.0-21.12.8. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Primavera Gateway. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Primavera Gateway, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Primavera Gateway accessible data as well as unauthorized read access to a subset of Primavera Gateway accessible data. (CVE-2023-21888)

Note that Nessus has not tested for these issues but has instead relied only on the application’s self-reported version number.

#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
##

include('compat.inc');

if (description)
{
  script_id(170194);
  script_version("1.4");
  script_set_attribute(attribute:"plugin_modification_date", value:"2024/01/22");

  script_cve_id(
    "CVE-2022-3171",
    "CVE-2022-42003",
    "CVE-2022-42004",
    "CVE-2022-42889",
    "CVE-2023-21888"
  );
  script_xref(name:"IAVA", value:"2023-A-0049");
  script_xref(name:"IAVA", value:"2023-A-0559");

  script_name(english:"Oracle Primavera Gateway (Jan 2023 CPU)");

  script_set_attribute(attribute:"synopsis", value:
"The remote host is affected by multiple vulnerabilities");
  script_set_attribute(attribute:"description", value:
"The versions of Primavera Gateway installed on the remote host are affected by multiple vulnerabilities as referenced in
the January 2023 CPU advisory.

  - Vulnerability in the Primavera Gateway product of Oracle Construction and Engineering (component: Admin
    (Google Protobuf-Java)). Supported versions that are affected are 18.8.0-18.8.15, 19.12.0-19.12.15,
    20.12.0-20.12.10 and 21.12.0-21.12.8. Easily exploitable vulnerability allows unauthenticated attacker
    with network access via HTTP to compromise Primavera Gateway. Successful attacks of this vulnerability can
    result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Primavera
    Gateway (CVE-2022-3171)
    
  - Vulnerability in the Primavera Gateway product of Oracle Construction and Engineering (component: Admin
    (jackson-databind)). Supported versions that are affected are 18.8.0-18.8.15, 19.12.0-19.12.15,
    20.12.0-20.12.10 and 21.12.0-21.12.8. Easily exploitable vulnerability allows unauthenticated attacker
    with network access via HTTP to compromise Primavera Gateway. Successful attacks of this vulnerability can
    result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Primavera
    Gateway. (CVE-2022-42003)

  - Vulnerability in the Primavera Gateway product of Oracle Construction and Engineering (component: Admin
    (Apache Commons Text)). Supported versions that are affected are 18.8.0-18.8.15, 19.12.0-19.12.15,
    20.12.0-20.12.10 and 21.12.0-21.12.8. Easily exploitable vulnerability allows unauthenticated attacker
    with network access via HTTP to compromise Primavera Gateway. Successful attacks of this vulnerability can
    result in takeover of Primavera Gateway. (CVE-2022-42889)

  - Vulnerability in the Primavera Gateway product of Oracle Construction and Engineering (component: WebUI).
    Supported versions that are affected are 18.8.0-18.8.15, 19.12.0-19.12.15, 20.12.0-20.12.10 and
    21.12.0-21.12.8. Easily exploitable vulnerability allows low privileged attacker with network access via
    HTTP to compromise Primavera Gateway. Successful attacks require human interaction from a person other
    than the attacker and while the vulnerability is in Primavera Gateway, attacks may significantly impact
    additional products (scope change). Successful attacks of this vulnerability can result in unauthorized
    update, insert or delete access to some of Primavera Gateway accessible data as well as unauthorized read
    access to a subset of Primavera Gateway accessible data. (CVE-2023-21888)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version
number.");
  script_set_attribute(attribute:"see_also", value:"https://www.oracle.com/docs/tech/security-alerts/cpujan2023cvrf.xml");
  script_set_attribute(attribute:"see_also", value:"https://www.oracle.com/security-alerts/cpujan2023.html");
  script_set_attribute(attribute:"solution", value:
"Apply the appropriate patch according to the January 2023 Oracle Critical Patch Update advisory.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:F/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:F/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2022-42889");

  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");
  script_set_attribute(attribute:"metasploit_name", value:'Apache Commons Text RCE');
  script_set_attribute(attribute:"exploit_framework_metasploit", value:"true");

  script_set_attribute(attribute:"vuln_publication_date", value:"2023/01/17");
  script_set_attribute(attribute:"patch_publication_date", value:"2023/01/17");
  script_set_attribute(attribute:"plugin_publication_date", value:"2023/01/20");

  script_set_attribute(attribute:"plugin_type", value:"remote");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:oracle:primavera_gateway");
  script_set_attribute(attribute:"stig_severity", value:"I");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"CGI abuses");

  script_copyright(english:"This script is Copyright (C) 2023-2024 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("oracle_primavera_gateway.nbin");
  script_require_keys("installed_sw/Oracle Primavera Gateway");
  script_require_ports("Services/www", 8006);

  exit(0);
}

include('vcf.inc');
include('http.inc');

get_install_count(app_name:'Oracle Primavera Gateway', exit_if_zero:TRUE);

var port = get_http_port(default:8006);

var app_info = vcf::get_app_info(app:'Oracle Primavera Gateway', port:port);

vcf::check_granularity(app_info:app_info, sig_segments:2);

var constraints = [
  { 'min_version' : '18.8.0', 'fixed_version' : '18.8.16', 'fixed_display':'See vendor advisory' },
  { 'min_version' : '19.12.0', 'fixed_version' : '19.12.16' },
  { 'min_version' : '20.12.0', 'fixed_version' : '20.12.11' },
  { 'min_version' : '21.12.0', 'fixed_version' : '21.12.9' }
];

vcf::check_version_and_report(app_info:app_info, constraints:constraints, severity:SECURITY_HOLE);