A deserialization flaw was discovered in jackson-databind through 2.9.10.4. It could allow an unauthenticated user to perform code execution via ignite-jta or quartz-core: org.apache.ignite.cache.jta.jndi.CacheJndiTmLookup, org.apache.ignite.cache.jta.jndi.CacheJndiTmFactory, and org.quartz.utils.JNDIConnectionProvider.

The version of Splunk installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the SVD-2024-0303 advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Debian 10 host has packages installed that are affected by a vulnerability as referenced in the dla-3407 advisory.

    - -------------------------------------------------------------------------     Debian LTS Advisory DLA-3407-1                debian-lts@lists.debian.org     https://www.debian.org/lts/security/                          Adrian Bunk     April 30, 2023                                https://wiki.debian.org/LTS
    - -------------------------------------------------------------------------

    Package        : jackson-databind     Version        : 2.9.8-3+deb10u5     CVE ID         : CVE-2020-10650

    One more gadget type (ignite-jta) is being blocked in the Jackson Data     Processor library for processing JSON and other data formats in Java.

    For Debian 10 buster, this problem has been fixed in version     2.9.8-3+deb10u5.

    We recommend that you upgrade your jackson-databind packages.

    For the detailed security status of jackson-databind please refer to     its security tracker page at:
    https://security-tracker.debian.org/tracker/jackson-databind

    Further information about Debian LTS security advisories, how to apply     these updates to your system and frequently asked questions can be     found at: https://wiki.debian.org/LTS

Tenable has extracted the preceding description block directly from the Debian security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

According to its self-reported version number, the Oracle Primavera Unifier installation running on the remote web server is 16.1.x or 16.2.x prior to 16.2.16.2, or 17.7.x through 17.12.x prior to 17.12.11.4, or 18.8.x prior to 18.8.17, or 19.12.x prior to 19.12.7. It is, therefore, affected by multiple vulnerabilities, including the following:

  - Vulnerability in the Primavera Unifier product of Oracle Construction and Engineering (component: Platform     (jackson-databind)). Supported versions that are affected are 16.1, 16.2, 17.7-17.12, 18.8 and 19.12.
    Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to     compromise Primavera Unifier. Successful attacks of this vulnerability can result in takeover of Primavera     Unifier. (CVE-2020-9546)

  - Vulnerability in the Primavera Unifier product of Oracle Construction and Engineering (component: Core     (Apache Ant)). Supported versions that are affected are 16.1, 16.2, 17.7-17.12, 18.8 and 19.12. Easily     exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise     Primavera Unifier. Successful attacks of this vulnerability can result in unauthorized creation, deletion     or modification access to critical data or all Primavera Unifier accessible data as well as unauthorized     access to critical data or complete access to all Primavera Unifier accessible data. (CVE-2020-1945)

  - Vulnerability in the Primavera Unifier product of Oracle Construction and Engineering (component: Mobile     App). The supported version that is affected is Prior to 20.6. Difficult to exploit vulnerability allows     unauthenticated attacker with network access via HTTPS to compromise Primavera Unifier. Successful attacks     require human interaction from a person other than the attacker. Successful attacks of this vulnerability     can result in unauthorized access to critical data or complete access to all Primavera Unifier accessible     data as well as unauthorized update, insert or delete access to some of Primavera Unifier accessible data.
    (CVE-2020-14618)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

ID	Name	Product	Family	Severity
194923	Splunk Enterprise 9.0.0 < 9.0.9, 9.1.0 < 9.1.4, 9.2.0 < 9.2.1 (SVD-2024-0303)	Nessus	CGI abuses	critical
174969	Debian dla-3407 : libjackson2-databind-java - security update	Nessus	Debian Local Security Checks	high
138508	Oracle Primavera Unifier Multiple Vulnerabilities (Jul 2020 CPU)	Nessus	CGI abuses	critical

Detections

Analytics

CVE-2020-10650

high

Tenable Plugins

critical

high

critical