Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2021-2023 and is owned by Tenable, Inc. or an Affiliate thereof.SUSE_SU-2021-1989-1.NASL
HistoryJun 21, 2021 - 12:00 a.m.

SUSE SLES15 Security Update : java-1_8_0-openjdk (SUSE-SU-2021:1989-1)

2021-06-2100:00:00
This script is Copyright (C) 2021-2023 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
50
JSON

The remote SUSE Linux SLES15 / SLES_SAP15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2021:1989-1 advisory.

  • Vulnerability in the Java SE, Java SE Embedded, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). Supported versions that are affected are Java SE: 7u291, 8u281, 11.0.10, 16;
    Java SE Embedded: 8u281; Oracle GraalVM Enterprise Edition: 19.3.5, 20.3.1.2 and 21.0.0.2. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, Oracle GraalVM Enterprise Edition. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Java SE, Java SE Embedded, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. (CVE-2021-2163)

Note that Nessus has not tested for this issue but has instead relied only on the application’s self-reported version number.

#%NASL_MIN_LEVEL 70300
##
# (C) Tenable, Inc.
#
# The package checks in this plugin were extracted from
# SUSE update advisory SUSE-SU-2021:1989-1. The text itself
# is copyright (C) SUSE.
##

include('deprecated_nasl_level.inc');
include('compat.inc');

if (description)
{
  script_id(150890);
  script_version("1.6");
  script_set_attribute(attribute:"plugin_modification_date", value:"2023/07/13");

  script_cve_id("CVE-2021-2163");
  script_xref(name:"IAVA", value:"2021-A-0195");
  script_xref(name:"SuSE", value:"SUSE-SU-2021:1989-1");
  script_xref(name:"CEA-ID", value:"CEA-2021-0025");

  script_name(english:"SUSE SLES15 Security Update : java-1_8_0-openjdk (SUSE-SU-2021:1989-1)");

  script_set_attribute(attribute:"synopsis", value:
"The remote SUSE host is missing a security update.");
  script_set_attribute(attribute:"description", value:
"The remote SUSE Linux SLES15 / SLES_SAP15 host has packages installed that are affected by a vulnerability as referenced
in the SUSE-SU-2021:1989-1 advisory.

  - Vulnerability in the Java SE, Java SE Embedded, Oracle GraalVM Enterprise Edition product of Oracle Java
    SE (component: Libraries). Supported versions that are affected are Java SE: 7u291, 8u281, 11.0.10, 16;
    Java SE Embedded: 8u281; Oracle GraalVM Enterprise Edition: 19.3.5, 20.3.1.2 and 21.0.0.2. Difficult to
    exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to
    compromise Java SE, Java SE Embedded, Oracle GraalVM Enterprise Edition. Successful attacks require human
    interaction from a person other than the attacker. Successful attacks of this vulnerability can result in
    unauthorized creation, deletion or modification access to critical data or all Java SE, Java SE Embedded,
    Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments
    that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox
    for security. (CVE-2021-2163)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version
number.");
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1185055");
  script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2021-2163");
  # https://lists.suse.com/pipermail/sle-security-updates/2021-June/009025.html
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?cea74979");
  script_set_attribute(attribute:"solution", value:
"Update the affected java-1_8_0-openjdk, java-1_8_0-openjdk-demo, java-1_8_0-openjdk-devel and / or java-1_8_0-openjdk-
headless packages.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:H/Au:N/C:N/I:P/A:N");
  script_set_cvss_temporal_vector("CVSS2#E:F/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:F/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2021-2163");

  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");

  script_set_attribute(attribute:"vuln_publication_date", value:"2021/04/20");
  script_set_attribute(attribute:"patch_publication_date", value:"2021/06/17");
  script_set_attribute(attribute:"plugin_publication_date", value:"2021/06/21");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:java-1_8_0-openjdk");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:java-1_8_0-openjdk-demo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:java-1_8_0-openjdk-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:java-1_8_0-openjdk-headless");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:suse_linux:15");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_set_attribute(attribute:"stig_severity", value:"I");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"SuSE Local Security Checks");

  script_copyright(english:"This script is Copyright (C) 2021-2023 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/SuSE/release", "Host/SuSE/rpm-list");

  exit(0);
}


include('rpm.inc');

if (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
var os_release = get_kb_item("Host/SuSE/release");
if (isnull(os_release) || os_release !~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "SUSE");
var os_ver = pregmatch(pattern: "^(SLE(S|D)(?:_SAP)?\d+)", string:os_release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'SUSE');
os_ver = os_ver[1];
if (! preg(pattern:"^(SLES15|SLES_SAP15)$", string:os_ver)) audit(AUDIT_OS_NOT, 'SUSE SLES15 / SLES_SAP15', 'SUSE (' + os_ver + ')');

if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

var cpu = get_kb_item('Host/cpu');
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ('x86_64' >!< cpu && cpu !~ "^i[3-6]86$" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'SUSE (' + os_ver + ')', cpu);

var service_pack = get_kb_item("Host/SuSE/patchlevel");
if (isnull(service_pack)) service_pack = "0";
if (os_ver == "SLES15" && (! preg(pattern:"^(0|1|2|3)$", string:service_pack))) audit(AUDIT_OS_NOT, "SLES15 SP0/1/2/3", os_ver + " SP" + service_pack);
if (os_ver == "SLES_SAP15" && (! preg(pattern:"^(0|1)$", string:service_pack))) audit(AUDIT_OS_NOT, "SLES_SAP15 SP0/1", os_ver + " SP" + service_pack);

var pkgs = [
    {'reference':'java-1_8_0-openjdk-1.8.0.292-3.52', 'sp':'0', 'cpu':'x86_64', 'release':'SLES_SAP15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15']},
    {'reference':'java-1_8_0-openjdk-demo-1.8.0.292-3.52', 'sp':'0', 'cpu':'x86_64', 'release':'SLES_SAP15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15']},
    {'reference':'java-1_8_0-openjdk-devel-1.8.0.292-3.52', 'sp':'0', 'cpu':'x86_64', 'release':'SLES_SAP15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15']},
    {'reference':'java-1_8_0-openjdk-headless-1.8.0.292-3.52', 'sp':'0', 'cpu':'x86_64', 'release':'SLES_SAP15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15']},
    {'reference':'java-1_8_0-openjdk-1.8.0.292-3.52', 'sp':'1', 'cpu':'x86_64', 'release':'SLES_SAP15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.1']},
    {'reference':'java-1_8_0-openjdk-demo-1.8.0.292-3.52', 'sp':'1', 'cpu':'x86_64', 'release':'SLES_SAP15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.1']},
    {'reference':'java-1_8_0-openjdk-devel-1.8.0.292-3.52', 'sp':'1', 'cpu':'x86_64', 'release':'SLES_SAP15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.1']},
    {'reference':'java-1_8_0-openjdk-headless-1.8.0.292-3.52', 'sp':'1', 'cpu':'x86_64', 'release':'SLES_SAP15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.1']},
    {'reference':'java-1_8_0-openjdk-1.8.0.292-3.52', 'sp':'2', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-legacy-release-15.2']},
    {'reference':'java-1_8_0-openjdk-demo-1.8.0.292-3.52', 'sp':'2', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-legacy-release-15.2']},
    {'reference':'java-1_8_0-openjdk-devel-1.8.0.292-3.52', 'sp':'2', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-legacy-release-15.2']},
    {'reference':'java-1_8_0-openjdk-headless-1.8.0.292-3.52', 'sp':'2', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-legacy-release-15.2']},
    {'reference':'java-1_8_0-openjdk-1.8.0.292-3.52', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-legacy-release-15.3']},
    {'reference':'java-1_8_0-openjdk-demo-1.8.0.292-3.52', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-legacy-release-15.3']},
    {'reference':'java-1_8_0-openjdk-devel-1.8.0.292-3.52', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-legacy-release-15.3']},
    {'reference':'java-1_8_0-openjdk-headless-1.8.0.292-3.52', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-legacy-release-15.3']},
    {'reference':'java-1_8_0-openjdk-1.8.0.292-3.52', 'sp':'0', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-ltss-release-15']},
    {'reference':'java-1_8_0-openjdk-demo-1.8.0.292-3.52', 'sp':'0', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-ltss-release-15']},
    {'reference':'java-1_8_0-openjdk-devel-1.8.0.292-3.52', 'sp':'0', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-ltss-release-15']},
    {'reference':'java-1_8_0-openjdk-headless-1.8.0.292-3.52', 'sp':'0', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-ltss-release-15']},
    {'reference':'java-1_8_0-openjdk-1.8.0.292-3.52', 'sp':'1', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-ltss-release-15.1']},
    {'reference':'java-1_8_0-openjdk-demo-1.8.0.292-3.52', 'sp':'1', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-ltss-release-15.1']},
    {'reference':'java-1_8_0-openjdk-devel-1.8.0.292-3.52', 'sp':'1', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-ltss-release-15.1']},
    {'reference':'java-1_8_0-openjdk-headless-1.8.0.292-3.52', 'sp':'1', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-ltss-release-15.1']},
    {'reference':'java-1_8_0-openjdk-1.8.0.292-3.52', 'sp':'1', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-release-15.1']},
    {'reference':'java-1_8_0-openjdk-demo-1.8.0.292-3.52', 'sp':'1', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-release-15.1']},
    {'reference':'java-1_8_0-openjdk-devel-1.8.0.292-3.52', 'sp':'1', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-release-15.1']},
    {'reference':'java-1_8_0-openjdk-headless-1.8.0.292-3.52', 'sp':'1', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-release-15.1']}
];

var ltss_caveat_required = FALSE;
var flag = 0;
foreach var package_array ( pkgs ) {
  var reference = NULL;
  var _release = NULL;
  var sp = NULL;
  var _cpu = NULL;
  var exists_check = NULL;
  var rpm_spec_vers_cmp = NULL;
  if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];
  if (!empty_or_null(package_array['release'])) _release = package_array['release'];
  if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];
  if (!empty_or_null(package_array['cpu'])) _cpu = package_array['cpu'];
  if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];
  if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];
  if (reference && _release) {
    if (exists_check) {
      var check_flag = 0;
      foreach var check (exists_check) {
        if (!rpm_exists(release:_release, rpm:check)) continue;
        if ('ltss' >< tolower(check)) ltss_caveat_required = TRUE;
        check_flag++;
      }
      if (!check_flag) continue;
    }
    if (rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, rpm_spec_vers_cmp:rpm_spec_vers_cmp)) flag++;
  }
}

if (flag)
{
  var ltss_plugin_caveat = NULL;
  if(ltss_caveat_required) ltss_plugin_caveat = '\n' +
    'NOTE: This vulnerability check contains fixes that apply to\n' +
    'packages only available in SUSE Enterprise Linux Server LTSS\n' +
    'repositories. Access to these package security updates require\n' +
    'a paid SUSE LTSS subscription.\n';
  security_report_v4(
      port       : 0,
      severity   : SECURITY_NOTE,
      extra      : rpm_report_get() + ltss_plugin_caveat
  );
  exit(0);
}
else
{
  var tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'java-1_8_0-openjdk / java-1_8_0-openjdk-demo / etc');
}
VendorProductVersionCPE
novellsuse_linuxjava-1_8_0-openjdkp-cpe:/a:novell:suse_linux:java-1_8_0-openjdk
novellsuse_linuxjava-1_8_0-openjdk-demop-cpe:/a:novell:suse_linux:java-1_8_0-openjdk-demo
novellsuse_linuxjava-1_8_0-openjdk-develp-cpe:/a:novell:suse_linux:java-1_8_0-openjdk-devel
novellsuse_linuxjava-1_8_0-openjdk-headlessp-cpe:/a:novell:suse_linux:java-1_8_0-openjdk-headless
novellsuse_linux15cpe:/o:novell:suse_linux:15

Related

nessus 51
almalinux 2
ibm 59
osv 4
oraclelinux 4
redhat 16
ubuntucve 1
prion 1
openvas 32
amazon 1
cvelist 1
cve 1
debiancve 1
redhatcve 1
veracode 1
centos 2
f5 1
alpinelinux 1
ubuntu 1
mageia 1
suse 7
fedora 6
kaspersky 1
debian 1
rosalinux 1
aix 1
nessus
nessus
openSUSE 15 Security Update : java-1_8_0-openjdk (openSUSE-SU-2021:0933-1)
2021-06-28 00:00:00
Oracle Linux 8 : java-1.8.0-openjdk (ELSA-2021-1301)
2021-04-21 00:00:00
RHEL 8 : java-1.8.0-openjdk (RHSA-2021:1315)
2021-04-21 00:00:00
almalinux
almalinux
Moderate: java-11-openjdk security update
2021-04-20 21:33:58
Moderate: java-1.8.0-openjdk security update
2021-04-20 20:58:47
ibm
ibm
Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Tivoli System Automation Application Manager (CVE-2021-2163)
2022-12-13 11:46:54
Security Bulletin: A vulnerability in Java may affect IBM Robotic Process Automation (CVE-2021-2163)
2023-01-04 21:16:35
Security Bulletin: IBM TXSeries for Multiplatforms is vulnerable to no confidentiality impact, high integrity impact, and no availability impact (CVE-2021-2163)
2022-10-07 14:46:13
osv
osv
openjdk-8, openjdk-lts vulnerability
2021-04-27 16:49:59
openjdk-8 - security update
2021-04-23 00:00:00
CVE-2021-2163
2021-04-22 22:15:13
oraclelinux
oraclelinux
java-1.8.0-openjdk security update
2021-04-21 00:00:00
java-11-openjdk security and bug fix update
2021-04-21 00:00:00
java-1.8.0-openjdk security update
2021-04-21 00:00:00
redhat
redhat
(RHSA-2021:1297) Moderate: java-11-openjdk security and bug fix update
2021-04-20 20:54:47
(RHSA-2021:1306) Moderate: java-11-openjdk security update
2021-04-20 21:27:06
(RHSA-2021:1444) Moderate: OpenJDK 8u292 Security Update for Portable Linux Builds
2021-04-28 12:29:11
ubuntucve
ubuntucve
CVE-2021-2163
2021-04-20 00:00:00
prion
prion
Design/Logic Flaw
2021-04-22 22:15:00
openvas
openvas
Debian: Security Advisory (DSA-4899-1)
2021-04-25 00:00:00
CentOS: Security Advisory for java (CESA-2021:1298)
2021-05-01 00:00:00
CentOS: Security Advisory for java-11-openjdk (CESA-2021:1297)
2021-05-01 00:00:00
amazon
amazon
Medium: java-1.8.0-openjdk
2021-07-08 18:38:00
cvelist
cvelist
CVE-2021-2163
2021-04-22 21:53:46
cve
cve
CVE-2021-2163
2021-04-22 22:15:00
debiancve
debiancve
CVE-2021-2163
2021-04-22 22:15:00
redhatcve
redhatcve
CVE-2021-2163
2021-04-20 20:43:56
veracode
veracode
Authorization Bypass
2021-04-24 22:10:55
centos
centos
java security update
2021-04-29 17:56:29
java security update
2021-04-29 17:55:30
f5
f5
K71522481 : Java vulnerability CVE-2021-2163
2022-12-06 00:00:00
alpinelinux
alpinelinux
CVE-2021-2163
2021-04-22 22:15:00
ubuntu
ubuntu
OpenJDK vulnerability
2021-04-27 00:00:00
mageia
mageia
Updated java-openjdk packages fix security vulnerabilities
2021-06-29 01:51:23
suse
suse
Security update for java-1_8_0-openj9 (moderate)
2021-07-11 00:00:00
Security update for java-1_8_0-openjdk (moderate)
2021-06-28 00:00:00
Security update for java-1_8_0-openj9 (moderate)
2021-05-23 00:00:00
fedora
fedora
[SECURITY] Fedora 33 Update: java-11-openjdk-11.0.11.0.9-0.fc33
2021-04-24 18:07:10
[SECURITY] Fedora 34 Update: java-11-openjdk-11.0.11.0.9-0.fc34
2021-04-26 00:27:09
[SECURITY] Fedora 32 Update: java-11-openjdk-11.0.11.0.9-0.fc32
2021-05-01 01:31:17
kaspersky
kaspersky
KLA12159 Multiple vulnerabilities in Oracle Java SE
2021-04-20 00:00:00
debian
debian
[SECURITY] [DLA 2634-1] openjdk-8 security update
2021-04-23 11:31:36
rosalinux
rosalinux
Advisory ROSA-SA-2023-2133
2023-03-21 12:31:42
aix
aix
Multiple vulnerabilities in IBM Java SDK affect AIX
2022-12-22 10:09:37
JSON
Related for SUSE_SU-2021-1989-1.NASL
nessus51almalinux2ibm59osv4oraclelinux4redhat16ubuntucve1prion1openvas32amazon1cvelist1cve1debiancve1redhatcve1veracode1centos2f51alpinelinux1ubuntu1mageia1suse7fedora6kaspersky1debian1rosalinux1aix1