5.5 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:S/C:P/I:N/A:P
9.6 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:H
0.001 Low
EPSS
Percentile
41.6%
The version of Oracle Secure Global Desktop installed on the remote host is 4.71 or 5.2 and is missing a security patch from the October 2016 Critical Patch Update (CPU). It is, therefore, affected by an unspecified vulnerability in the web services component. An authenticated, remote attacker can exploit this vulnerability to affect the confidentiality and availability of the host. No further details have been provided by the vendor.
#
# (C) Tenable Network Security, Inc.
#
include("compat.inc");
if (description)
{
script_id(94436);
script_version("1.7");
script_set_attribute(attribute:"plugin_modification_date", value:"2021/10/25");
script_cve_id("CVE-2016-5580");
script_bugtraq_id(93632);
script_name(english:"Oracle Secure Global Desktop Unspecified Vulnerability (October 2016 CPU)");
script_summary(english:"Checks the version of Oracle Secure Global Desktop.");
script_set_attribute(attribute:"synopsis", value:
"An application installed on the remote host is affected by an
unspecified vulnerability.");
script_set_attribute(attribute:"description", value:
"The version of Oracle Secure Global Desktop installed on the remote
host is 4.71 or 5.2 and is missing a security patch from the October
2016 Critical Patch Update (CPU). It is, therefore, affected by an
unspecified vulnerability in the web services component. An
authenticated, remote attacker can exploit this vulnerability to
affect the confidentiality and availability of the host. No further
details have been provided by the vendor.");
# https://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html#AppendixOVIR
script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?d60be671");
script_set_attribute(attribute:"solution", value:
"Apply the appropriate patch according to the October 2016 Oracle
Critical Patch Update advisory.");
script_set_attribute(attribute:"agent", value:"all");
script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:S/C:P/I:N/A:P");
script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:H");
script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
script_set_attribute(attribute:"exploit_available", value:"false");
script_set_attribute(attribute:"vuln_publication_date", value:"2016/10/18");
script_set_attribute(attribute:"patch_publication_date", value:"2016/10/18");
script_set_attribute(attribute:"plugin_publication_date", value:"2016/10/31");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"cpe:/a:oracle:virtualization_secure_global_desktop");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"Misc.");
script_copyright(english:"This script is Copyright (C) 2016-2021 Tenable Network Security, Inc.");
script_dependencies("oracle_secure_global_desktop_installed.nbin");
script_require_keys("Host/Oracle_Secure_Global_Desktop/Version");
exit(0);
}
include("audit.inc");
include("global_settings.inc");
include("misc_func.inc");
app = "Oracle Secure Global Desktop";
version = get_kb_item_or_exit("Host/Oracle_Secure_Global_Desktop/Version");
# this check is for Oracle Secure Global Desktop packages built for Linux platform
uname = get_kb_item_or_exit("Host/uname");
if ("Linux" >!< uname) audit(AUDIT_OS_NOT, "Linux");
fix_required = NULL;
if (version =~ "^5\.20($|\.)") fix_required = 'Patch_52p7';
else if (version =~ "^4\.71($|\.)") fix_required = 'Patch_471p10';
if (isnull(fix_required)) audit(AUDIT_INST_VER_NOT_VULN, "Oracle Secure Global Desktop", version);
patches = get_kb_list("Host/Oracle_Secure_Global_Desktop/Patches");
patched = FALSE;
foreach patch (patches)
{
if (patch == fix_required)
{
patched = TRUE;
break;
}
}
if (patched) audit(AUDIT_INST_VER_NOT_VULN, app, version + ' (with ' + fix_required + ')');
report = '\n Installed version : ' + version +
'\n Patch required : ' + fix_required +
'\n';
security_report_v4(port:0, extra:report, severity:SECURITY_WARNING);
Vendor | Product | Version | CPE |
---|---|---|---|
oracle | virtualization_secure_global_desktop | cpe:/a:oracle:virtualization_secure_global_desktop |
5.5 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:S/C:P/I:N/A:P
9.6 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:H
0.001 Low
EPSS
Percentile
41.6%