Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2019-2022 and is owned by Tenable, Inc. or an Affiliate thereof.ORACLE_PRIMAVERA_UNIFIER_CPU_JUL_2019.NASL
HistoryJul 19, 2019 - 12:00 a.m.

Oracle Primavera Unifier Multiple Vulnerabilities (Jul 2019 CPU)

2019-07-1900:00:00
This script is Copyright (C) 2019-2022 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
31
JSON

According to its self-reported version number, the Oracle Primavera Unifier installation running on the remote web server is 15.x or 16.x prior to 16.2.15.9 or 17.7.x prior to 17.12.11 or 18.x prior to 18.8.11. It is, therefore, affected by multiple vulnerabilities:

  • A deserialization vulnerability exists in the Apache Solr subcomponent of Primavera Unifier. An unauthenticated, remote attacker can exploit this, via a specially crafted request to the Solr Config API, to execute arbitrary code on the target host. (CVE-2019-0192)

  • A denial of service (DoS) vulnerability exists in the Apache Tika subcomponent of Primavera Unifier due to incorrect parsing of a crafted sqlite file. An unauthenticated, remote attacker can exploit this issue by convincing a user to open a specially crafted file to cause the application to stop responding. (CVE-2018-17197)

  • A server side request forgery exists in the Apache Solr subcomponent of Primavera Unifier. An unauthenticated remote attacker can exploit this issue to make Solr perform an HTTP GET request to any reachable URL.
    (CVE-2017-3164)

  • A cross-site scripting (XSS) vulnerability exists due to improper validation of user-supplied input before returning it to users. An unauthenticated, remote attacker can exploit this, by convincing a user to click a specially crafted URL, to execute arbitrary script code in a user’s browser session, which could lead to unauthorized read, update, insert or delete access to a subset of Primavera Unifier data.
    (CVE-2015-9251)

Note that Nessus has not tested for these issues but has instead relied only on the application’s self-reported version number.

#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#

include('deprecated_nasl_level.inc');
include('compat.inc');

if (description)
{
  script_id(126829);
  script_version("1.4");
  script_set_attribute(attribute:"plugin_modification_date", value:"2022/04/11");

  script_cve_id(
    "CVE-2015-9251",
    "CVE-2017-3164",
    "CVE-2018-17197",
    "CVE-2019-0192"
  );
  script_bugtraq_id(
    105658,
    106293,
    107026,
    107318
  );

  script_name(english:"Oracle Primavera Unifier Multiple Vulnerabilities (Jul 2019 CPU)");

  script_set_attribute(attribute:"synopsis", value:
"An application running on the remote web server is affected by
multiple vulnerabilities.");
  script_set_attribute(attribute:"description", value:
"According to its self-reported version number, the Oracle Primavera
Unifier installation running on the remote web server is 15.x or 16.x 
prior to 16.2.15.9 or 17.7.x prior to 17.12.11 or 18.x prior to 18.8.11. It is, 
therefore, affected by multiple vulnerabilities:

  - A deserialization vulnerability exists in the Apache Solr
    subcomponent of Primavera Unifier. An unauthenticated, 
    remote attacker can exploit this, via a specially crafted
    request to the Solr Config API, to execute arbitrary code 
    on the target host. (CVE-2019-0192)

  - A denial of service (DoS) vulnerability exists in the Apache
    Tika subcomponent of Primavera Unifier due to incorrect parsing
    of a crafted sqlite file. An unauthenticated, remote attacker 
    can exploit this issue by convincing a user to open a
    specially crafted file to cause the application to stop 
    responding. (CVE-2018-17197)

  - A server side request forgery exists in the Apache Solr
    subcomponent of Primavera Unifier. An unauthenticated 
    remote attacker can exploit this issue to make Solr
    perform an HTTP GET request to any reachable URL.
    (CVE-2017-3164)

  - A cross-site scripting (XSS) vulnerability exists due to 
    improper validation of user-supplied input before returning 
    it to users. An unauthenticated, remote attacker can exploit 
    this, by convincing a user to click a specially crafted URL, 
    to execute arbitrary script code in a user's browser session,
    which could lead to unauthorized read, update, insert or 
    delete access to a subset of Primavera Unifier data.
    (CVE-2015-9251)

Note that Nessus has not tested for these issues but has instead
relied only on the application's self-reported version number.");
  # https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?9aa2b901");
  script_set_attribute(attribute:"solution", value:
"Upgrade to Oracle Primavera Unifier version 16.2.15.9 / 17.12.11 / 18.8.11 or later.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2019-0192");

  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");

  script_set_attribute(attribute:"vuln_publication_date", value:"2019/07/17");
  script_set_attribute(attribute:"patch_publication_date", value:"2019/07/17");
  script_set_attribute(attribute:"plugin_publication_date", value:"2019/07/19");

  script_set_attribute(attribute:"plugin_type", value:"remote");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:oracle:primavera_unifier");
  script_set_attribute(attribute:"thorough_tests", value:"true");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"CGI abuses");

  script_copyright(english:"This script is Copyright (C) 2019-2022 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("oracle_primavera_unifier.nbin");
  script_require_keys("installed_sw/Oracle Primavera Unifier", "www/weblogic");
  script_require_ports("Services/www", 8002);

  exit(0);
}

include('http.inc');
include('vcf.inc');

get_install_count(app_name:'Oracle Primavera Unifier', exit_if_zero:TRUE);

port = get_http_port(default:8002);
get_kb_item_or_exit('www/weblogic/' + port + '/installed');

app_info = vcf::get_app_info(app:'Oracle Primavera Unifier', port:port);

vcf::check_granularity(app_info:app_info, sig_segments:3);

constraints = [
  { 'min_version' : '15.1.0.0', 'fixed_version' : '16.2.15.9' },
  { 'min_version' : '17.7.0.0', 'fixed_version' : '17.12.11' },
  { 'min_version' : '18.8.0.0', 'fixed_version' : '18.8.11' }
];

vcf::check_version_and_report(app_info:app_info, constraints:constraints, severity:SECURITY_HOLE);
VendorProductVersionCPE
oracleprimavera_unifiercpe:/a:oracle:primavera_unifier

Related

openvas 3
debiancve 4
ibm 51
cve 5
redhatcve 2
veracode 3
osv 11
prion 4
github 4
ubuntucve 4
f5 1
ics 3
cloudfoundry 1
attackerkb 1
alpinelinux 1
nessus 37
freebsd 2
checkpoint_advisories 1
githubexploit 1
hackerone 2
atlassian 3
fortinet 1
archlinux 2
laminas 2
redhat 11
thn 2
suse 1
amazon 2
oraclelinux 3
rocky 2
centos 1
almalinux 2
oracle 9
openvas
openvas
Apache Tika Server < 1.20 Denial of Service Vulnerability
2018-12-27 00:00:00
jQuery < 3.0.0 XSS Vulnerability
2018-11-01 00:00:00
openSUSE: Security Advisory for Recommended (openSUSE-SU-2020:0395-1)
2020-03-29 00:00:00
debiancve
debiancve
CVE-2018-17197
2018-12-24 14:29:00
CVE-2017-3164
2019-03-08 21:29:00
CVE-2015-9251
2018-01-18 23:29:00
ibm
ibm
Security Bulletin: IBM QRadar Incident Forensics is vulnerable to a publicly disclosed vulnerability in Apache Tika (CVE-2018-17197)
2019-07-10 15:40:02
Security Bulletin: Potential vulnerability (SSRF) in Apache Solr affect IBM Operations Analytics - Log Analysis (CVE-2017-3164)
2021-08-03 09:07:34
Security Bulletin: IBM QRadar SIEM is vulnerable to Using Components with Known Vulnerabilities (CVE-2017-3164)
2020-04-14 15:03:18
cve
cve
CVE-2018-17197
2018-12-24 14:29:00
CVE-2017-3164
2019-03-08 21:29:00
CVE-2015-9251
2018-01-18 23:29:00
redhatcve
redhatcve
CVE-2018-17197
2019-01-07 10:20:00
CVE-2019-0192
2019-10-10 17:40:21
veracode
veracode
Denial Of Service (DoS)
2018-12-24 03:26:35
Cross-site Request Forgery (CSRF)
2019-07-08 14:26:25
Remote Code Execution (RCE)
2019-03-08 03:28:52
osv
osv
Apache Tika Denial of Service due to Infinite Loop in Tika's SQLite3Parser
2018-12-26 17:45:07
CVE-2018-17197
2018-12-24 14:29:00
CVE-2017-3164
2019-03-08 21:29:00
prion
prion
Code injection
2018-12-24 14:29:00
Server side request forgery (ssrf)
2019-03-08 21:29:00
Cross site scripting
2018-01-18 23:29:00
github
github
Apache Tika Denial of Service due to Infinite Loop in Tika's SQLite3Parser
2018-12-26 17:45:07
Server-Side Request Forgery (SSRF) in org.apache.solr:solr-core
2019-03-14 15:39:56
Cross-Site Scripting (XSS) in jquery
2018-01-22 13:32:06
ubuntucve
ubuntucve
CVE-2018-17197
2018-12-24 00:00:00
CVE-2017-3164
2019-03-08 00:00:00
CVE-2015-9251
2018-01-18 00:00:00
f5
f5
K29562170 : jQuery vulnerability CVE-2015-9251
2020-02-19 00:00:00
ics
ics
AVEVA InTouch Access Anywhere
2018-07-31 12:00:00
Philips Vue PACS (Update C)
2023-02-21 12:00:00
Pepperl+Fuchs WirelessHART-Gateway
2022-04-07 12:00:00
cloudfoundry
cloudfoundry
CVE-2015-9251: UAA contains vulnerable jQuery version | Cloud Foundry
2019-07-08 00:00:00
attackerkb
attackerkb
CVE-2015-9251
2018-01-18 00:00:00
alpinelinux
alpinelinux
CVE-2015-9251
2018-01-18 23:29:00
nessus
nessus
JQuery < 3.0.0 XSS
2019-05-15 00:00:00
FreeBSD : rt -- XSS via jQuery (416ca0f4-3fe0-11e9-bbdd-6805ca0b3d42)
2019-03-07 00:00:00
Apache Solr 5.x <= 5.5.5 or 6.x <= 6.6.5 Deserialization Vulnerability (CVE-2019-0192)
2019-07-03 00:00:00
freebsd
freebsd
rt -- XSS via jQuery
2019-03-05 00:00:00
RDoc -- multiple jQuery vulnerabilities
2019-08-28 00:00:00
checkpoint_advisories
checkpoint_advisories
Apache Solr Config API Insecure Deserialization Remote Code Execution (CVE-2019-0192)
2019-04-03 00:00:00
githubexploit
githubexploit
Exploit for Deserialization of Untrusted Data in Apache Solr
2019-11-01 13:46:37
hackerone
hackerone
Ruby: Ruby is shipping a vulnerable jQuery
2019-03-30 14:10:34
U.S. Dept Of Defense: Remote Code Execution on █████████
2020-08-19 04:07:49
atlassian
atlassian
Jira uses vulnerable jQuery version CVE-2015-9251
2020-04-20 13:29:57
The jQuery version used in JIRA needs to be updated
2015-05-18 09:31:54
Update jQuery to avoid CVE-2020-11022, CVE-2020-11023, and CVE-2015-9251
2021-02-16 18:28:38
fortinet
fortinet
Protect
2019-04-10 00:00:00
archlinux
archlinux
[ASA-201910-4] ruby-rdoc: cross-site scripting
2019-10-02 00:00:00
[ASA-201910-5] ruby2.5: multiple issues
2019-10-02 00:00:00
laminas
laminas
XSS and RCE vectors in laminas-api-tools/api-tools-documentation-swagger
2020-04-01 21:30:00
XSS vectors in laminas-api-tools/api-tools
2020-04-01 21:30:00
redhat
redhat
(RHSA-2020:0481) Important: Red Hat JBoss Fuse/A-MQ 6.3 R15 security and bug fix update
2020-02-12 15:24:44
(RHSA-2020:0729) Important: Red Hat Data Grid 7.3.5 security update
2020-03-05 13:05:49
(RHSA-2019:2413) Important: Red Hat Fuse 7.4.0 security update
2019-08-08 10:07:26
thn
thn
Linux Botnet Adding BlueKeep-Flawed Windows RDP Servers to Its Target List
2019-07-25 09:38:00
Critical Flaws Reported in Philips Vue PACS Medical Imaging Systems
2021-07-09 07:00:00
suse
suse
Recommended update for ruby2.5 (important)
2020-03-28 00:00:00
amazon
amazon
Important: ruby24
2020-08-26 23:09:00
Medium: ipa
2020-10-22 17:40:00
oraclelinux
oraclelinux
ipa security, bug fix, and enhancement update
2020-10-06 00:00:00
idm:DL1 and idm:client security, bug fix, and enhancement update
2020-11-10 00:00:00
pki-core:10.6 and pki-deps:10.6 security, bug fix, and enhancement update
2020-11-10 00:00:00
rocky
rocky
idm:DL1 and idm:client security, bug fix, and enhancement update
2020-11-03 12:25:36
pki-core:10.6 and pki-deps:10.6 security, bug fix, and enhancement update
2020-11-03 12:29:58
centos
centos
ipa, python2 security update
2020-10-20 18:15:27
almalinux
almalinux
Moderate: idm:DL1 and idm:client security, bug fix, and enhancement update
2020-11-03 12:25:36
Moderate: pki-core:10.6 and pki-deps:10.6 security, bug fix, and enhancement update
2020-11-03 12:29:58
oracle
oracle
Oracle Critical Patch Update Advisory - July 2019
2019-07-16 00:00:00
Oracle Critical Patch Update Advisory - October 2020
2020-10-20 00:00:00
Oracle Critical Patch Update Advisory - April 2020
2020-04-14 00:00:00
JSON
Related for ORACLE_PRIMAVERA_UNIFIER_CPU_JUL_2019.NASL
openvas3debiancve4ibm51cve5redhatcve2veracode3osv11prion4github4ubuntucve4f51ics3cloudfoundry1attackerkb1alpinelinux1nessus37freebsd2checkpoint_advisories1githubexploit1hackerone2atlassian3fortinet1archlinux2laminas2redhat11thn2suse1amazon2oraclelinux3rocky2centos1almalinux2oracle9