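The version of Oracle WebCenter Portal installed on the remote host is missing a security patch from the October 2019 Critical Patch Update (CPU). It is therefore affected by an arbitrary file read vulnerability (CVE-2019-12086) in the FasterXML jackson-databind subcomponent. The flaw exists because jackson-databind does not validate (block) the com.mysql.cj.jdbc.admin.MiniAdmin class when it deserializes polymorphically typed JSON. An unauthenticated, remote attacker can exploit this by sending a crafted JSON message to read arbitrary files and disclose sensitive information. When triaging from the record below, note that the top-level "cvss" score of 0.0 and the empty "cvelist" appear to be unpopulated fields rather than an assessment; the severity is carried in "vendor_cvss3" (7.5) and "vendor_cvss2" (5), sourced from CVE-2019-12086.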
{"id": "ORACLE_WEBCENTER_PORTAL_CPU_OCT_2019.NBIN", "vendorId": null, "type": "nessus", "bulletinFamily": "scanner", "title": "Oracle WebCenter Portal Arbitrary File Read (Oct 2019 CPU)", "description": "The version of Oracle WebCenter Portal installed on the remote host is missing a security patch from the October 2019 Critical Patch Update (CPU). It is, therefore, affected by an arbitrary file read vulnerability in the FasterXML jackson-databind subcomponent. This is due to missing com.mysql.cj.jdbc.admin.MiniAdmin validation. An unauthenticated, remote attacker can exploit this, via sending a crafted JSON message, to read arbitrary files and disclose sensitive information.", "published": "2019-10-17T00:00:00", "modified": "2023-05-03T00:00:00", "epss": [], "cvss": {"score": 0.0, "vector": "NONE"}, "cvss2": {}, "cvss3": {}, "href": "https://www.tenable.com/plugins/nessus/130005", "reporter": "This script is Copyright (C) 2019-2023 and is owned by Tenable, Inc. or an Affiliate thereof.", "references": ["http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12086", "http://www.nessus.org/u?468fc0c9"], "cvelist": [], "immutableFields": [], "lastseen": "2023-05-24T14:30:46", "viewCount": 7, "enchantments": {"dependencies": {"references": []}, "score": {"value": 0.7, "vector": "NONE"}, "backreferences": {"references": [{"type": "cve", "idList": ["CVE-2019-12086"]}, {"type": "debian", "idList": ["DEBIAN:DLA-1798-1:61C44", "DEBIAN:DSA-4452-1:F65D2"]}, {"type": "debiancve", "idList": ["DEBIANCVE:CVE-2019-12086"]}, {"type": "fedora", "idList": ["FEDORA:0730C6051059", "FEDORA:0D4A66058533", "FEDORA:2ED3A6058506", "FEDORA:30E656126A67", "FEDORA:4FB5560427DA", "FEDORA:53C3261278CC", "FEDORA:5E5506051725", "FEDORA:758FA61278EA", "FEDORA:882916051CFA", "FEDORA:A8ABE60560A2", "FEDORA:BA292604B38E", "FEDORA:DA60861278C0"]}, {"type": "freebsd", "idList": ["BD159669-0808-11EB-A3A4-0019DBB15B3F"]}, {"type": "github", "idList": ["GHSA-5WW9-J83M-Q7QX"]}, {"type": "githubexploit", 
"idList": ["95E9031F-A021-5296-ADC3-71E43A95A049", "B4CCD6DC-671B-58FE-9826-B4F9C361A650"]}, {"type": "ibm", "idList": ["1A7668E81452E83AB00678328095567DA17543F8BDE6DB1EE678E96C5B064FD6", "C034F4A93C7986F86B5276634B82B774DA1796B9A2CC2371DA4859670D82233E"]}, {"type": "metasploit", "idList": ["MSF:ILITIES/RED_HAT-JBOSS_EAP-CVE-2019-10202/"]}, {"type": "nessus", "idList": ["DEBIAN_DLA-1798.NASL", "DEBIAN_DSA-4452.NASL", "FEDORA_2019-99FF6AA32C.NASL", "FEDORA_2019-AE6A703B8F.NASL", "FEDORA_2019-FB23ECCC03.NASL", "FREEBSD_PKG_BD159669080811EBA3A40019DBB15B3F.NASL"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310704452", "OPENVAS:1361412562310891798"]}, {"type": "oracle", "idList": ["ORACLE:CPUOCT2019-5072832"]}, {"type": "redhat", "idList": ["RHSA-2019:2935", "RHSA-2020:1454"]}, {"type": "redhatcve", "idList": ["RH:CVE-2019-12086"]}, {"type": "symantec", "idList": ["SMNTC-109227"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2019-12086"]}]}, "exploitation": null, "epss": [{"cve": "CVE-2019-12086", "epss": 0.00202, "percentile": 0.56623, "modified": "2023-05-07"}], "vulnersScore": 0.7}, "_state": {"dependencies": 1685064693, "score": 1685065076, "epss": 0}, "_internal": {"score_hash": "54cc76bac2846349ff099d9863492aea"}, "pluginID": "130005", "sourceData": "Binary data oracle_webcenter_portal_cpu_oct_2019.nbin", "naslFamily": "Misc.", "cpe": ["cpe:/a:oracle:fusion_middleware"], "solution": "Apply the appropriate patch according to the October 2019 Oracle Critical Patch Update advisory.", "nessusSeverity": "Medium", "cvssScoreSource": "CVE-2019-12086", "vendor_cvss2": {"score": 5, "vector": "CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N"}, "vendor_cvss3": {"score": 7.5, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"}, "vpr": {"risk factor": "Medium", "score": "4.4"}, "exploitAvailable": false, "exploitEase": "No known exploits are available", "patchPublicationDate": "2019-10-15T00:00:00", "vulnerabilityPublicationDate": "2019-05-17T00:00:00", "exploitableWith": []}