Spring Framework version 5.0.5 when used in combination with any versions of Spring Security contains an authorization bypass when using method security. An unauthorized malicious user can gain unauthorized access to methods that should be restricted.

According to its self-reported version, the MySQL Enterprise Monitor running on the remote host is affected by the following vulnerabilities in its subcomponents:

  - Apache Struts versions 2.3 to 2.3.34 and 2.5 to 2.5.16 suffer from possible Remote Code Execution when     alwaysSelectFullNamespace is true (either by user or a plugin like Convention Plugin) and then: results     are used with no namespace and in same time, its upper package have no or wildcard namespace and similar     to results, same possibility when using url tag which doesn't have value and action set and in same time,     its upper package have no or wildcard namespace. (CVE-2018-11776)

  - The defaults settings for the CORS filter provided in Apache Tomcat 9.0.0.M1 to 9.0.8, 8.5.0 to 8.5.31,     8.0.0.RC1 to 8.0.52, 7.0.41 to 7.0.88 are insecure and enable 'supportsCredentials' for all origins. It     is expected that users of the CORS filter will have configured it appropriately for their environment     rather than using it in the default configuration. Therefore, it is expected that most users will not be     impacted by this issue. (CVE-2018-8014)

  - Spring Framework version 5.0.5 when used in combination with any versions of Spring Security contains an     authorization bypass when using method security. An unauthorized malicious user can gain unauthorized     access to methods that should be restricted. (CVE-2018-1258)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The version of Oracle GoldenGate for Big Data application located on the remote host is 12.2.0.1.x less than 12.2.0.1.10 or 12.3.1.1.x less than 12.3.1.1.6. It is, therefore, affected by multiple vulnerabilities : 

  - An unspecified vulnerability exists in Oracle GoldenGate for Big Data.  An authenticated, remote attacker     can exploit this, via unknown vectors, to compromise confidentiality, integrity, and availability.
    (CVE-2016-0635)

  - An authorization bypass vulnerability exists in Spring Framework 5.0.5 when used in conjunction with     Spring Security and using method security. An authenticated, remote attacker can exploit this to gain     unauthorized access to methods that should be restricted. (CVE-2018-1258)

  - A remote code execution vulnerability exists in the Spring Framework. An unauthenticated, remote attacker     can exploit this to bypass authentication and execute arbitrary commands. (CVE-2018-1275)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The version of Oracle Enterprise Manager Cloud Control installed on the remote host is affected by multiple vulnerabilities in Enterprise Manager Base Platform component:

  - An unspecified vulnerability in the Enterprise Manager Base Platform component of   Oracle Enterprise Manager Products Suite (subcomponent: Connector Framework (Apache CXF)),   which could allow an unauthenticated, remote attacker to compromise   Enterprise Manager Base Platform. (CVE-2018-8039)

  - An unspecified vulnerability in the Oracle Enterprise Manager Base Platform component   of Oracle Enterprise Manager Products Suite (subcomponent: Valid Session (Apache ActiveMQ)),   which could allow an unauthenticated, remote attacker to compromise   Oracle Enterprise Manager Base Platform. (CVE-2019-0222)

  - An unspecified vulnerability in the Enterprise Manager Base Platform component of   Oracle Enterprise Manager Products Suite (subcomponent: Discovery Framework (OpenSSL)), which   could allow and unauthenticated, remote attacker to compromise   Enterprise Manager Base Platform. (CVE-2019-1559)

The version of Oracle Enterprise Manager Cloud Control installed on the remote host is affected by multiple vulnerabilities in Enterprise Manager Base Platform component:

  - A deserialization vulnerability in Apache Commons     FileUpload allows for remote code execution.
    (CVE-2016-1000031)

  - An information disclosure vulnerability exists in OpenSSL     due to the potential for a side-channel timing attack.
    An unauthenticated attacker can exploit this to disclose     potentially sensitive information. (CVE-2018-0734)

  - A denial of service (DoS) vulnerability exists in Apache     HTTP Server 2.4.17 to 2.4.34, due to a design error. An     unauthenticated, remote attacker can exploit this issue     by sending continuous, large SETTINGS frames to cause a     client to occupy a connection, server thread and CPU     time without any connection timeout coming to effect.
    This affects only HTTP/2 connections. A possible     mitigation is to not enable the h2 protocol.
    (CVE-2018-11763).

  - Networking component of Enterprise Manager Base Platform     (Spring Framework) is easily exploited and may allow an     unauthenticated, remote attacker to takeover the     Enterprise Manager Base Platform. (CVE-2018-1258)

The version of Oracle Enterprise Manager Cloud Control installed on the remote host is affected by multiple vulnerabilities in Enterprise Manager Base Platform component:

  - Networking component of Enterprise Manager Base Platform (Spring Framework)   is easily exploited and may allow an unauthenticated, remote attacker to takeover   the Enterprise Manager Base Platform.
  (CVE-2018-1258, CVE-2018-11039, CVE-2018-11040, CVE-2018-1257, CVE-2018-15756)

  - Agent Next Gen (IBM Java) vulnerability allows unauthenticated, remote attacker   unauthorized access to critical data or complete access to all Enterprise Manager   Base Platform accessible data. (CVE-2018-1656, CVE-2018-12539)

  - An information disclosure vulnerability exists in OpenSSL due to the potential   for a side-channel timing attack. An unauthenticated attacker can exploit   this to disclose potentially sensitive information.   (CVE-2018-0734, CVE-2018-0735, CVE-2018-5407)

The version of Oracle WebLogic Server installed on the remote host is affected by multiple vulnerabilities:

  - An unspecified vulnerability in the Spring Framework allows     a low privileged, remote attacker with network access via HTTP to     compromise and takeover the Oracle Communications Unified     Inventory Management. (CVE-2018-1258)   
  - An unspecified vulnerability in the WLS Core Component allows an     authenticated low privileged attacker with network     access via HTTP to compromise Oracle WebLogic Server, resulting     in unauthorized update, insert or delete access to Oracle     WebLogic Server accessible data. (CVE-2019-2568)

  - An unspecified vulnerability in the WLS Core Component which     allows an authenticated, high privileged attacker with network     access via HTTP to compromise Oracle WebLogic Server, resulting     in unauthorized access to critical data or complete access to all     Oracle WebLogic Server accessible data. (CVE-2019-2615)

  - An unspecified vulnerability in the WLS Core Component which     allows an authenticated, high privileged attacker with network     access via HTTP to compromise Oracle WebLogic Server, resulting     in unauthorized access to critical data or complete access to all     Oracle WebLogic Server accessible data as well as unauthorized     update, insert or delete access to some of Oracle WebLogic Server     accessible data. (CVE-2019-2618)

  - An unspecified vulnerability in the WLS Core Components allows     an unauthenticated, remote attacker with network access via T3 to     compromise and takeover the Oracle WebLogic Server.     (CVE-2019-2645)

  - An unspecified vulnerability in the EJB Container allows     an unauthenticated, remote attacker with network access via T3 to     compromise and takeover the Oracle WebLogic Server.     (CVE-2019-2646)

  - An unspecified vulnerability in the WLS - Web Services which     allows an authenticated, high privileged attacker with network     access via HTTP to compromise Oracle WebLogic Server, resulting     in unauthorized access to critical data or complete access to all     Oracle WebLogic Server accessible data.  (CVE-2019-2647)     (CVE-2019-2648) (CVE-2019-2649) (CVE-2019-2650)

  - An unspecified vulnerability in the WLS Core Component allows an     authenticated low privileged attacker with network     access via HTTP to compromise Oracle WebLogic Server, resulting     in unauthorized update, insert or delete access to Oracle     WebLogic Server accessible data. (CVE-2019-2658)

The version of Oracle Application Testing Suite installed on the remote host is affected by multiple vulnerabilities : 

  - Enterprise Manager Base Platform Agent Next Gen (Jython)     component of Oracle Enterprise Manager Products Suite is easily     exploited and can allow an unauthenticated attacker the ability     to takeover the Enterprise Manager Base Platform. (CVE-2016-4000)

  - Enterprise Manager Base Platform Discovery Framework (OpenSSL)     component of Oracle Enterprise Manager Products Suite is easily     exploited and can allow an unauthenticated attacker the ability     to cause a frequent crash (DoS) of the Enterprise Manager Base     Platform. (CVE-2018-0732)

  - Enterprise Manager Ops Center Networking (OpenSSL) component of     Oracle Enterprise Manager Products Suite is easily exploited     and can allow an unauthenticated attacker the ability to cause a     frequent crash (DoS) of the Enterprise Manager Ops Center     Platform. (CVE-2018-0732)

  - Oracle Application Testing Suite Load Testing for Web Apps     (Spring Framework) component of Oracle Enterprise Manager     Products Suite is easily exploited and can allow an     unauthenticated attacker the ability to takeover the Enterprise     Manager Base Platform. (CVE-2018-1258)

  - Enterprise Manager Base Platform EM Console component is easily     exploited by an unauthenticated attacker. Successful attacks     can result in unauthorized update, insert, or delete access.     (CVE-2018-3303)

  - Oracle Application Testing Suite Load Testing for Web Apps     component is easily exploited by an unauthenticated attacker.     Successful attacks can result in unauthorized update, insert, or     delete access and a partial denial of service. (CVE-2018-3304)

  - Oracle Application Testing Suite Load Testing for Web Apps     component is easily exploited by an unauthenticated attacker.     Successful attacks can result in unauthorized update, insert, or     delete access and a partial denial of service. (CVE-2018-3305)

  - Enterprise Manager for Virtualization Plug-In Lifecycle     (jackson-databind) component of Oracle Enterprise Manager     allows an unauthenticated attacker the ability to takeover      Enterprise Manager for Virtualization. (CVE-2018-12023)

  - Enterprise Manager for Virtualization Plug-In Lifecycle     (jackson-databind) component of Oracle Enterprise Manager     allows an unauthenticated attacker the ability to takeover      Enterprise Manager for Virtualization. (CVE-2018-14718)

  - Enterprise Manager Ops Center Networking (cURL) component of     Oracle Enterprise Manager allows an unauthenticated attacker the     ability to takeover Enterprise Manager Ops Center.     (CVE-2018-1000300)

ID	Name	Product	Family	Severity
138901	MySQL Enterprise Monitor 3.4.x < 3.4.10 / 4.x < 4.0.7 / 8.x < 8.0.3 Multiple Vulnerabilities (Oct 2018 CPU)	Nessus	CGI abuses	critical
134225	Oracle GoldenGate for Big Data 12.2.0.1.x < 12.2.0.1.10 / 12.3.1.1.x < 12.3.1.1.6 Multiple Vulnerabilities (Oct 2018 CPU)	Nessus	Misc.	critical
126775	Oracle Enterprise Manager Cloud Control (Jul 2019 CPU)	Nessus	Misc.	high
125147	Oracle Enterprise Manager Ops Center (Apr 2019 CPU)	Nessus	Misc.	critical
124157	Oracle Enterprise Manager Cloud Control (Apr 2019 CPU)	Nessus	Misc.	high
124122	Oracle WebLogic Server Multiple Vulnerabilities (Apr 2019 CPU)	Nessus	Misc.	critical
121257	Oracle Application Testing Suite Multiple Vulnerabilities (Jan 2019 CPU)	Nessus	Misc.	critical

Detections

Analytics

CVE-2018-1258

high

Tenable Plugins

critical

critical

high

critical

high

critical

critical