Lucene search
This script is Copyright (C) 2023 and is owned by Tenable, Inc. or an Affiliate thereof.ORACLE_TIMESTEN_OCT2023_CPU.NASLHistoryDec 27, 2023 - 12:00 a.m.
Oracle TimesTen 18.x < 18.1.4.39.0, 22.x < 22.1.1.18.0 Multiple Vulnerabilities (October 2023 CPU)
2023-12-2700:00:00
This script is Copyright (C) 2023 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
34
oracle timesten
multiple vulnerabilities
october 2023 cpu
security-in-depth issue
em timesten plug-in
golang go
netty
cve-2023-29402
cve-2023-29403
cve-2023-29404
cve-2023-29405
cve-2023-34462
unauthorized access
denial of service
6.9 Medium
AI Score
Confidence
High
The version of Oracle TimesTen installed on the remote host is 18.x prior to 18.1.4.39.0 or 22.x prior to 22.1.1.18.0.
It is, therefore, affected by multiple vulnerabilities as referenced in the October 2023 CPU advisory:
-
Security-in-Depth issue in the TimesTen In-Memory Database product of Oracle TimesTen In-Memory Database (component: EM TimesTen plug-in (Golang Go)). This vulnerability cannot be exploited in the context of this product. (CVE-2023-29402, CVE-2023-29403, CVE-2023-29404 and CVE-2023-29405)
-
Vulnerability in the TimesTen In-Memory Database product of Oracle TimesTen In-Memory Database (component: EM TimesTen plug-in (Netty)). Supported versions that are affected are Prior to 22.1.1.18.0 and Prior to 18.1.4.39.0. Difficult to exploit vulnerability allows low privileged attacker with network access via HTTP to compromise TimesTen In-Memory Database. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of TimesTen In-Memory Database.
(CVE-2023-34462)
Note that Nessus has not tested for this issue but has instead relied only on the application’s self-reported version number.
#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
##
include('compat.inc');
if (description)
{
script_id(187317);
script_version("1.1");
script_set_attribute(attribute:"plugin_modification_date", value:"2023/12/28");
script_cve_id(
"CVE-2023-29402",
"CVE-2023-29403",
"CVE-2023-29404",
"CVE-2023-29405",
"CVE-2023-34462"
);
script_name(english:"Oracle TimesTen 18.x < 18.1.4.39.0, 22.x < 22.1.1.18.0 Multiple Vulnerabilities (October 2023 CPU)");
script_set_attribute(attribute:"synopsis", value:
"The Oracle TimesTen instance installed on the remote host is affected by multiple vulnerabilities.");
script_set_attribute(attribute:"description", value:
"The version of Oracle TimesTen installed on the remote host is 18.x prior to 18.1.4.39.0 or 22.x prior to 22.1.1.18.0.
It is, therefore, affected by multiple vulnerabilities as referenced in the October 2023 CPU advisory:
- Security-in-Depth issue in the TimesTen In-Memory Database product of Oracle TimesTen In-Memory Database
(component: EM TimesTen plug-in (Golang Go)). This vulnerability cannot be exploited in the context of this
product. (CVE-2023-29402, CVE-2023-29403, CVE-2023-29404 and CVE-2023-29405)
- Vulnerability in the TimesTen In-Memory Database product of Oracle TimesTen In-Memory Database (component: EM
TimesTen plug-in (Netty)). Supported versions that are affected are Prior to 22.1.1.18.0 and Prior to
18.1.4.39.0. Difficult to exploit vulnerability allows low privileged attacker with network access via HTTP to
compromise TimesTen In-Memory Database. Successful attacks of this vulnerability can result in unauthorized
ability to cause a hang or frequently repeatable crash (complete DOS) of TimesTen In-Memory Database.
(CVE-2023-34462)
Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version
number.");
script_set_attribute(attribute:"see_also", value:"https://www.oracle.com/docs/tech/security-alerts/cpuoct2023cvrf.xml");
script_set_attribute(attribute:"see_also", value:"https://www.oracle.com/security-alerts/cpuoct2023.html");
script_set_attribute(attribute:"solution", value:
"Apply the appropriate patch according to the October 2023 Oracle Critical Patch Update advisory.");
script_set_attribute(attribute:"agent", value:"all");
script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2023-29405");
script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
script_set_attribute(attribute:"exploit_available", value:"true");
script_set_attribute(attribute:"vuln_publication_date", value:"2023/10/17");
script_set_attribute(attribute:"patch_publication_date", value:"2023/10/17");
script_set_attribute(attribute:"plugin_publication_date", value:"2023/12/27");
script_set_attribute(attribute:"plugin_type", value:"remote");
script_set_attribute(attribute:"cpe", value:"cpe:/a:oracle:timesten_in-memory_database");
script_set_attribute(attribute:"thorough_tests", value:"true");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"Misc.");
script_copyright(english:"This script is Copyright (C) 2023 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("oracle_timesten_imdb_win_installed.nbin", "oracle_timesten_imdb_nix_installed.nbin");
script_require_keys("installed_sw/Oracle TimesTen In-Memory Database");
exit(0);
}
include('vcf.inc');
var app = 'Oracle TimesTen In-Memory Database';
var app_info = vcf::combined_get_app_info(app:app);
var constraints = [
{ 'min_version' : '18.0', 'fixed_version' : '18.1.4.39.0' },
{ 'min_version' : '22.0', 'fixed_version' : '22.1.1.18.0' }
];
vcf::check_version_and_report(app_info:app_info, constraints:constraints, severity:SECURITY_HOLE);| Vendor | Product | Version | CPE |
|---|---|---|---|
| oracle | timesten_in-memory_database | cpe:/a:oracle:timesten_in-memory_database |
References
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29402
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29403
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29404
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29405
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-34462
www.oracle.com/docs/tech/security-alerts/cpuoct2023cvrf.xml
www.oracle.com/security-alerts/cpuoct2023.html
Related
nessus
nessus
SUSE SLED15 / SLES15 / openSUSE 15 Security Update : go1.19 (SUSE-SU-2023:2525-1)
2023-06-17 00:00:00
SUSE SLED15 / SLES15 / openSUSE 15 Security Update : go1.20 (SUSE-SU-2023:2526-1)
2023-06-17 00:00:00
EulerOS 2.0 SP11 : golang (EulerOS-SA-2023-2859)
2024-01-16 00:00:00
redhat
redhat
(RHSA-2023:3920) Critical: go-toolset-1.19 and go-toolset-1.19-golang security update
2023-06-29 05:25:55
(RHSA-2023:3923) Critical: go-toolset and golang security update
2023-06-29 09:38:01
(RHSA-2023:3922) Critical: go-toolset:rhel8 security update
2023-06-29 08:54:12
mageia
mageia
Updated golang packages fix security vulnerability
2023-07-07 08:54:45
rocky
rocky
go-toolset and golang security update
2023-07-08 02:54:41
oraclelinux
oraclelinux
go-toolset:ol8 security update
2023-07-04 00:00:00
go-toolset and golang security update
2023-07-07 00:00:00
openvas
openvas
Fedora: Security Advisory for golang (FEDORA-2023-1819dc9854)
2023-08-12 00:00:00
Huawei EulerOS: Security Advisory for golang (EulerOS-SA-2023-2859)
2023-09-20 00:00:00
Huawei EulerOS: Security Advisory for golang (EulerOS-SA-2023-2842)
2023-09-20 00:00:00
osv
osv
Critical: go-toolset:rhel8 security update
2023-06-29 00:00:00
Critical: go-toolset and golang security update
2023-07-08 02:54:41
Critical: go-toolset and golang security update
2023-06-29 00:00:00
almalinux
almalinux
Critical: go-toolset:rhel8 security update
2023-06-29 00:00:00
Critical: go-toolset and golang security update
2023-06-29 00:00:00
fedora
fedora
[SECURITY] Fedora 38 Update: golang-1.20.6-1.fc38
2023-07-21 02:27:24
[SECURITY] Fedora 37 Update: golang-1.19.12-1.fc37
2023-08-11 01:01:43
ibm
ibm
Security Bulletin: IBM Cloud Pak for Data Scheduling is vulnerable to multiple ansible-operator and opm vulnerabilities
2024-03-18 14:14:58
Security Bulletin: IBM Event Streams is affected by multiple vulnerabilities in Golang Go
2023-07-25 06:12:54
Security Bulletin: Multiple vulnerabilities affect IBM Db2® REST
2023-10-10 20:58:35
redos
redos
ROS-20231109-01
2023-11-09 00:00:00
ROS-20240514-04
2024-05-14 00:00:00
freebsd
freebsd
go -- multiple vulnerabilities
2023-04-27 00:00:00
cbl_mariner
cbl_mariner
CVE-2023-29403 affecting package msft-golang for versions less than 1.20.7-1
2024-05-13 09:07:01
CVE-2023-29405 affecting package golang for versions less than 1.20.7-1
2024-05-13 09:06:53
redhatcve
redhatcve
veracode
veracode
Privilege Escalation
2023-07-10 00:03:06
Code Injection
2023-07-10 00:12:02
Argument Injection
2023-07-10 00:01:18
debiancve
debiancve
cvelist
cvelist
Unsafe behavior in setuid/setgid binaries in runtime
2023-06-08 20:19:13
Improper sanitization of LDFLAGS with embedded spaces in go command with cgo in cmd/go
2023-06-08 20:19:19
Code injection via go command with cgo in cmd/go
2023-06-08 20:19:04
cve
cve
prion
prion
Design/Logic Flaw
2023-06-08 21:15:00
Command injection
2023-06-08 21:15:00
Command injection
2023-06-08 21:15:00
ubuntucve
ubuntucve
wolfi
wolfi
CVE-2023-29405 vulnerabilities
2024-05-13 09:06:53
CVE-2023-34462 vulnerabilities
2024-05-13 09:06:53
CVE-2023-29403 vulnerabilities
2024-05-13 09:06:53
cgr
cgr
CVE-2023-29405 vulnerabilities
2024-05-13 09:06:52
CVE-2023-29403 vulnerabilities
2024-05-13 09:06:52
CVE-2023-34462 vulnerabilities
2024-05-13 09:06:52
amazon
amazon
Important: golang
2023-07-13 23:57:00
Important: golang
2023-07-17 17:39:00
Important: golang
2023-07-20 17:29:00
alpinelinux
alpinelinux
github
github
netty-handler SniHandler 16MB allocation
2023-06-20 16:33:22
rosalinux
rosalinux
Advisory ROSA-SA-2023-2304
2023-12-12 12:18:26
photon
photon
Critical Photon OS Security Update - PHSA-2023-5.0-0037
2023-06-23 00:00:00
Critical Photon OS Security Update - PHSA-2023-5.0-0043
2023-07-04 00:00:00
debian
debian
[SECURITY] [DSA 5558-1] netty security update
2023-11-18 16:51:13
f5
f5
gentoo
gentoo
Go: Multiple Vulnerabilities
2023-11-25 00:00:00