Lucene search
This script is Copyright (C) 2019-2024 and is owned by Tenable, Inc. or an Affiliate thereof.ORACLE_PRIMAVERA_GATEWAY_CPU_OCT_2019.NASLHistoryOct 18, 2019 - 12:00 a.m.
Oracle Primavera Gateway Multiple Vulnerabilities (Oct 2019 CPU)
2019-10-1800:00:00
This script is Copyright (C) 2019-2024 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
25
9.8 High
AI Score
Confidence
High
According to its self-reported version number, the Oracle Primavera Gateway installation running on the remote web server is 15.x prior to 15.2.17, 16.x prior to 16.2.10, 17.x prior to 17.12.5, or 18.x prior to 18.8.7. It is, therefore, affected by multiple vulnerabilities:
-
An arbitrary file read vulnerability exists in the FasterXML jackson-databind component, which is version 2.x prior to 2.9.9. This vulnerability is due to missing com.mysql.cj.jdbc.admin.MiniAdmin validation. An unauthenticated, remote attacker can exploit this by hosting a crafted MySQL server reachable by the victim and sending a crated JSON message that allows them to read arbitrary files and disclose sensitive information. (CVE-2019-12086)
-
Denial of service (DoS) vulnerabilities exist in the Apache POI component, which is prior to 3.1.7, due to a flaw when parsing crafted WMF, EMF, MSG, macros, DOC, PPT, and XLS. An unauthenticated, remote attacker can exploit this issue, via sending crafted input, to cause the application to stop responding.
(CVE-2017-12626) -
A remote code execution vulnerability exists in the FasterXML jackson-databind component, which is prior to 2.9.0.2, due to a flaw in how default typing is handled when ehcache is used because of net.sf.ehcache.transaction.manager.DefaultTransactionManagerLookup. An unauthenticated, remote attacker can exploit this to bypass authentication and execute arbitrary commands. (CVE-2019-14379)
Note that Nessus has not tested for these issues but has instead relied only on the application’s self-reported version number.
#
# (C) Tenable Network Security, Inc.
#
include('compat.inc');
if (description)
{
script_id(130019);
script_version("1.5");
script_set_attribute(attribute:"plugin_modification_date", value:"2024/04/17");
script_cve_id("CVE-2017-12626", "CVE-2019-12086", "CVE-2019-14379");
script_bugtraq_id(102879, 109227);
script_xref(name:"IAVA", value:"2019-A-0380");
script_xref(name:"CEA-ID", value:"CEA-2021-0004");
script_xref(name:"CEA-ID", value:"CEA-2021-0025");
script_name(english:"Oracle Primavera Gateway Multiple Vulnerabilities (Oct 2019 CPU)");
script_set_attribute(attribute:"synopsis", value:
"An application running on the remote web server is affected by multiple vulnerabilities.");
script_set_attribute(attribute:"description", value:
"According to its self-reported version number, the Oracle Primavera Gateway installation running on the remote web
server is 15.x prior to 15.2.17, 16.x prior to 16.2.10, 17.x prior to 17.12.5, or 18.x prior to 18.8.7. It is,
therefore, affected by multiple vulnerabilities:
- An arbitrary file read vulnerability exists in the FasterXML jackson-databind component, which is version
2.x prior to 2.9.9. This vulnerability is due to missing com.mysql.cj.jdbc.admin.MiniAdmin validation. An
unauthenticated, remote attacker can exploit this by hosting a crafted MySQL server reachable by the
victim and sending a crated JSON message that allows them to read arbitrary files and disclose sensitive
information. (CVE-2019-12086)
- Denial of service (DoS) vulnerabilities exist in the Apache POI component, which is prior to 3.1.7, due
to a flaw when parsing crafted WMF, EMF, MSG, macros, DOC, PPT, and XLS. An unauthenticated, remote
attacker can exploit this issue, via sending crafted input, to cause the application to stop responding.
(CVE-2017-12626)
- A remote code execution vulnerability exists in the FasterXML jackson-databind component, which is prior
to 2.9.0.2, due to a flaw in how default typing is handled when ehcache is used because of
net.sf.ehcache.transaction.manager.DefaultTransactionManagerLookup. An unauthenticated, remote attacker
can exploit this to bypass authentication and execute arbitrary commands. (CVE-2019-14379)
Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version
number.");
# https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html#AppendixPVA
script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?f7302206");
# https://support.oracle.com/rs?type=doc&id=2593049.1%20
script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?8f2e008f");
script_set_attribute(attribute:"solution", value:
"Upgrade to Oracle Primavera Gateway version 15.2.17 / 16.2.10 / 17.12.5 / 18.8.7 or later.");
script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2019-14379");
script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
script_set_attribute(attribute:"exploit_available", value:"true");
script_set_attribute(attribute:"vuln_publication_date", value:"2018/01/29");
script_set_attribute(attribute:"patch_publication_date", value:"2019/10/15");
script_set_attribute(attribute:"plugin_publication_date", value:"2019/10/18");
script_set_attribute(attribute:"plugin_type", value:"remote");
script_set_attribute(attribute:"cpe", value:"cpe:/a:oracle:primavera_gateway");
script_set_attribute(attribute:"stig_severity", value:"I");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"CGI abuses");
script_copyright(english:"This script is Copyright (C) 2019-2024 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("oracle_primavera_gateway.nbin");
script_require_keys("installed_sw/Oracle Primavera Gateway");
script_require_ports("Services/www", 8006);
exit(0);
}
include('http.inc');
include('vcf.inc');
get_install_count(app_name:'Oracle Primavera Gateway', exit_if_zero:TRUE);
port = get_http_port(default:8006);
app_info = vcf::get_app_info(app:'Oracle Primavera Gateway', port:port);
vcf::check_granularity(app_info:app_info, sig_segments:2);
constraints = [
{ 'min_version' : '15.0.0', 'fixed_version' : '15.2.17' },
{ 'min_version' : '16.0.0', 'fixed_version' : '16.2.10' },
{ 'min_version' : '17.0.0', 'fixed_version' : '17.12.5' },
{ 'min_version' : '18.0.0', 'fixed_version' : '18.8.7' }
];
vcf::check_version_and_report(app_info:app_info, constraints:constraints, severity:SECURITY_HOLE);
| Vendor | Product | Version | CPE |
|---|---|---|---|
| oracle | primavera_gateway | cpe:/a:oracle:primavera_gateway |
Related
nessus
nessus
Oracle Primavera Unifier Multiple Vulnerabilities (Oct 2019 CPU)
2019-10-21 00:00:00
Fedora 28 : apache-poi (2018-4f2c2615b3)
2019-01-03 00:00:00
Apache POI < 3.17 Multiple DoS Vulnerabilities
2018-02-09 00:00:00
ibm
ibm
redhatcve
redhatcve
veracode
veracode
Denial Of Service (DoS)
2018-01-29 04:14:26
Remote Code Execution (RCE)
2019-07-30 05:10:45
Remote Code Execution (RCE) Through Deserialization
2019-05-21 02:21:56
cve
cve
ubuntucve
ubuntucve
fedora
fedora
[SECURITY] Fedora 28 Update: apache-poi-3.17-1.fc28
2018-04-27 04:19:01
[SECURITY] Fedora 31 Update: jackson-bom-2.9.9-1.fc31
2019-09-18 00:07:22
[SECURITY] Fedora 31 Update: jackson-core-2.9.9-1.fc31
2019-09-18 00:07:22
debiancve
debiancve
github
github
Denial of Service in Apache POI
2021-01-14 19:18:22
Deserialization of untrusted data in FasterXML jackson-databind
2019-08-01 19:18:00
Information exposure in FasterXML jackson-databind
2019-05-23 09:32:24
symantec
symantec
osv
osv
Denial of Service in Apache POI
2021-01-14 19:18:22
CVE-2017-12626
2018-01-29 17:29:00
Information exposure in FasterXML jackson-databind
2019-05-23 09:32:24
prion
prion
Denial of service
2018-01-29 17:29:00
Remote code execution
2019-07-29 12:15:00
Design/Logic Flaw
2019-05-17 17:29:00
openvas
openvas
Fedora Update for jackson-core FEDORA-2019-fb23eccc03
2019-09-23 00:00:00
Fedora Update for jackson-annotations FEDORA-2019-99ff6aa32c
2020-01-09 00:00:00
Fedora Update for jackson-databind FEDORA-2019-99ff6aa32c
2020-01-09 00:00:00
redhat
redhat
githubexploit
githubexploit
Exploit for Deserialization of Untrusted Data in Fasterxml Jackson-Databind
2020-05-22 17:10:10
Exploit for Deserialization of Untrusted Data in Fasterxml Jackson-Databind
2019-05-26 03:19:49
freebsd
freebsd
Payara -- A Polymorphic Typing issue in FasterXML jackson-databind
2019-05-17 00:00:00
debian
debian
[SECURITY] [DLA 1798-1] jackson-databind security update
2019-05-21 12:59:15
[SECURITY] [DLA 1879-1] jackson-databind security update
2019-08-12 22:19:38
[SECURITY] [DSA 4452-1] jackson-databind security update
2019-05-24 21:04:55
rocky
rocky
pki-core:10.6 and pki-deps:10:6 bug fix and enhancement update
2019-11-05 17:43:24
cloudfoundry
cloudfoundry
apple
apple
About the security content of Xcode 13.3
2022-03-14 00:00:00
mageia
mageia
Updated jackson-databind packages fix security vulnerabilities
2021-03-27 17:27:02
ubuntu
ubuntu
Jackson Databind vulnerabilities
2021-03-15 00:00:00
hp
hp
HP Device Manager Security Updates
2023-10-20 00:00:00
oracle
oracle
Oracle Critical Patch Update Advisory - October 2019
2020-01-22 00:00:00
Oracle Critical Patch Update Advisory - January 2020
2020-01-14 00:00:00
Oracle Critical Patch Update Advisory - April 2021
2021-04-20 00:00:00