Improper validation of certificate with host mismatch in Apache Log4j SMTP appender. This could allow an SMTPS connection to be intercepted by a man-in-the-middle attack which could leak any log messages sent through that appender. Fixed in Apache Log4j 2.12.3 and 2.13.1

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available.

  - Improper validation of certificate with host mismatch in Apache Log4j SMTP appender. This could allow an     SMTPS connection to be intercepted by a man-in-the-middle attack which could leak any log messages sent     through that appender. Fixed in Apache Log4j 2.12.3 and 2.13.1 (CVE-2020-9488)

Note that Nessus relies on the presence of the package as reported by the vendor.

The versions of Oracle Siebel CRM installed on the remote host are affected by multiple vulnerabilities as referenced in the October 2021 CPU advisory.

  - Vulnerability in the Siebel Core - Automation product of Oracle Siebel CRM (component: Test Automation     (Eclipse Jetty)). Supported versions that are affected are 21.9 and prior. Easily exploitable     vulnerability allows unauthenticated attacker with network access via TLS to compromise Siebel Core -     Automation. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or     frequently repeatable crash (complete DOS) of Siebel Core - Automation. (CVE-2021-28165)

  - Vulnerability in the Siebel UI Framework product of Oracle Siebel CRM (component: EAI (Apache Tomcat)).
    Supported versions that are affected are 21.9 and prior. Easily exploitable vulnerability allows     unauthenticated attacker with network access via HTTP to compromise Siebel UI Framework. Successful     attacks of this vulnerability can result in unauthorized access to critical data or complete access to all     Siebel UI Framework accessible data. (CVE-2021-25122)

  - Vulnerability in the Siebel UI Framework product of Oracle Siebel CRM (component: EAI, SWSE (OpenSSL)).
    Supported versions that are affected are 21.9 and prior. Easily exploitable vulnerability allows     unauthenticated attacker with network access via TLS to compromise Siebel UI Framework. Successful attacks     of this vulnerability can result in unauthorized access to critical data or complete access to all Siebel     UI Framework accessible data. (CVE-2016-2183)

  - Vulnerability in the Siebel Apps - Marketing product of Oracle Siebel CRM (component: Marketing (Apache     Tomcat)). Supported versions that are affected are 21.9 and prior. Difficult to exploit vulnerability     allows low privileged attacker with logon to the infrastructure where Siebel Apps - Marketing executes to     compromise Siebel Apps - Marketing. Successful attacks of this vulnerability can result in takeover of     Siebel Apps - Marketing. (CVE-2020-9484)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The versions of Oracle Siebel CRM installed on the remote host are affected by multiple vulnerabilities as referenced in the April 2021 CPU advisory.

  - Vulnerability in the Siebel UI Framework product of Oracle Siebel CRM (component: EAI (jackson-databind)).
    Supported versions that are affected are 21.2 and prior. Difficult to exploit vulnerability allows     unauthenticated attacker with network access via HTTP to compromise Siebel UI Framework. Successful     attacks of this vulnerability can result in takeover of Siebel UI Framework. (CVE-2020-14195)

  - Vulnerability in the Siebel UI Framework product of Oracle Siebel CRM (component: EAI (Jersey)). Supported     versions that are affected are 21.2 and prior. Easily exploitable vulnerability allows low privileged     attacker with network access via HTTP to compromise Siebel UI Framework. Successful attacks of this     vulnerability can result in unauthorized access to critical data or complete access to all Siebel UI     Framework accessible data. (CVE-2019-10080)

  - Vulnerability in the Siebel UI Framework product of Oracle Siebel CRM (component: UIF Open UI (jQuery)).
    Supported versions that are affected are 21.2 and prior. Easily exploitable vulnerability allows     unauthenticated attacker with network access via HTTP to compromise Siebel UI Framework. Successful     attacks require human interaction from a person other than the attacker and while the vulnerability is in     Siebel UI Framework, attacks may significantly impact additional products. Successful attacks of this     vulnerability can result in unauthorized update, insert or delete access to some of Siebel UI Framework     accessible data as well as unauthorized read access to a subset of Siebel UI Framework accessible data.
    (CVE-2019-11358)

  - Vulnerability in the Siebel UI Framework product of Oracle Siebel CRM (component: UIF Open UI (jQuery     UI)). Supported versions that are affected are 21.2 and prior. Easily exploitable vulnerability allows     unauthenticated attacker with network access via HTTP to compromise Siebel UI Framework. Successful     attacks require human interaction from a person other than the attacker and while the vulnerability is in     Siebel UI Framework, attacks may significantly impact additional products. Successful attacks of this     vulnerability can result in unauthorized update, insert or delete access to some of Siebel UI Framework     accessible data as well as unauthorized read access to a subset of Siebel UI Framework accessible data.
    (CVE-2016-7103)

  - Vulnerability in the Siebel UI Framework product of Oracle Siebel CRM (component: EAI (Apache Log4j)).
    Supported versions that are affected are 21.2 and prior. Difficult to exploit vulnerability allows     unauthenticated attacker with network access via HTTP to compromise Siebel UI Framework. Successful     attacks of this vulnerability can result in unauthorized read access to a subset of Siebel UI Framework     accessible data. (CVE-2020-9488)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The versions of Oracle Siebel CRM installed on the remote host are affected by multiple vulnerabilities as referenced in the July 2020 CPU advisory.

  - Vulnerability in the Siebel UI Framework product of Oracle Siebel CRM (component: EAI, SWSE (Apache     Tomcat)). Supported versions that are affected are 20.5 and prior. Easily exploitable vulnerability allows     unauthenticated attacker with network access via multiple protocols to compromise Siebel UI Framework.
    Successful attacks of this vulnerability can result in takeover of Siebel UI Framework. (CVE-2020-1938)

  - Vulnerability in the Siebel UI Framework product of Oracle Siebel CRM (component: EAI (jackson-databind)).
    Supported versions that are affected are 20.5 and prior. Easily exploitable vulnerability allows     unauthenticated attacker with network access via HTTP to compromise Siebel UI Framework. Successful     attacks of this vulnerability can result in takeover of Siebel UI Framework. (CVE-2019-16943)

  - Vulnerability in the Siebel Engineering - Installer and Deployment product of Oracle Siebel CRM     (component: Siebel Approval Manager (jackson-databind)). Supported versions that are affected are 2.20.5     and prior. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP     to compromise Siebel Engineering - Installer and Deployment. Successful attacks of this vulnerability can     result in takeover of Siebel Engineering - Installer and Deployment. (CVE-2019-16943)

  - Vulnerability in the Siebel Engineering - Installer and Deployment product of Oracle Siebel CRM     (component: Siebel Approval Manager (Log4j)). Supported versions that are affected are 2.20.5 and prior.
    Difficult to exploit vulnerability allows unauthenticated attacker with network access via SMTPS to     compromise Siebel Engineering - Installer and Deployment. Successful attacks of this vulnerability can     result in unauthorized read access to a subset of Siebel Engineering - Installer and Deployment accessible     data. (CVE-2020-9488)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote host is affected by the vulnerability described in GLSA-202402-16 (Apache Log4j: Multiple Vulnerabilities)

  - Included in Log4j 1.2 is a SocketServer class that is vulnerable to deserialization of untrusted data     which can be exploited to remotely execute arbitrary code when combined with a deserialization gadget when     listening to untrusted network traffic for log data. This affects Log4j versions up to 1.2 up to 1.2.17.
    (CVE-2019-17571)

  - Improper validation of certificate with host mismatch in Apache Log4j SMTP appender. This could allow an     SMTPS connection to be intercepted by a man-in-the-middle attack which could leak any log messages sent     through that appender. Fixed in Apache Log4j 2.12.3 and 2.13.1 (CVE-2020-9488)

  - A deserialization flaw was found in Apache Chainsaw versions prior to 2.1.0 which could lead to malicious     code execution. (CVE-2020-9493)

  - JMSSink in all versions of Log4j 1.x is vulnerable to deserialization of untrusted data when the attacker     has write access to the Log4j configuration or if the configuration references an LDAP service the     attacker has access to. The attacker can provide a TopicConnectionFactoryBindingName configuration causing     JMSSink to perform JNDI requests that result in remote code execution in a similar fashion to     CVE-2021-4104. Note this issue only affects Log4j 1.x when specifically configured to use JMSSink, which     is not the default. Apache Log4j 1.2 reached end of life in August 2015. Users should upgrade to Log4j 2     as it addresses numerous other issues from the previous versions. (CVE-2022-23302)

  - By design, the JDBCAppender in Log4j 1.2.x accepts an SQL statement as a configuration parameter where the     values to be inserted are converters from PatternLayout. The message converter, %m, is likely to always be     included. This allows attackers to manipulate the SQL by entering crafted strings into input fields or     headers of an application that are logged allowing unintended SQL queries to be executed. Note this issue     only affects Log4j 1.x when specifically configured to use the JDBCAppender, which is not the default.
    Beginning in version 2.0-beta8, the JDBCAppender was re-introduced with proper support for parameterized     SQL queries and further customization over the columns written to in logs. Apache Log4j 1.2 reached end of     life in August 2015. Users should upgrade to Log4j 2 as it addresses numerous other issues from the     previous versions. (CVE-2022-23305)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The version of AOS installed on the remote host is prior to 5.20.3.5. It is, therefore, affected by multiple vulnerabilities as referenced in the NXSA-AOS-5.20.3.5 advisory.

  - CVE-2020-9493 identified a deserialization issue that was present in Apache Chainsaw. Prior to Chainsaw     V2.0 Chainsaw was a component of Apache Log4j 1.2.x where the same issue exists. (CVE-2022-23307)

  - By design, the JDBCAppender in Log4j 1.2.x accepts an SQL statement as a configuration parameter where the     values to be inserted are converters from PatternLayout. The message converter, %m, is likely to always be     included. This allows attackers to manipulate the SQL by entering crafted strings into input fields or     headers of an application that are logged allowing unintended SQL queries to be executed. Note this issue     only affects Log4j 1.x when specifically configured to use the JDBCAppender, which is not the default.
    Beginning in version 2.0-beta8, the JDBCAppender was re-introduced with proper support for parameterized     SQL queries and further customization over the columns written to in logs. Apache Log4j 1.2 reached end of     life in August 2015. Users should upgrade to Log4j 2 as it addresses numerous other issues from the     previous versions. (CVE-2022-23305)

  - AIDE before 0.17.4 allows local users to obtain root privileges via crafted file metadata (such as XFS     extended attributes or tmpfs ACLs), because of a heap-based buffer overflow. (CVE-2021-45417)

  - Included in Log4j 1.2 is a SocketServer class that is vulnerable to deserialization of untrusted data     which can be exploited to remotely execute arbitrary code when combined with a deserialization gadget when     listening to untrusted network traffic for log data. This affects Log4j versions up to 1.2 up to 1.2.17.
    (CVE-2019-17571)

  - Improper validation of certificate with host mismatch in Apache Log4j SMTP appender. This could allow an     SMTPS connection to be intercepted by a man-in-the-middle attack which could leak any log messages sent     through that appender. Fixed in Apache Log4j 2.12.3 and 2.13.1 (CVE-2020-9488)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The version of AOS installed on the remote host is prior to 6.0.2.6. It is, therefore, affected by multiple vulnerabilities as referenced in the NXSA-AOS-6.0.2.6 advisory.

  - CVE-2020-9493 identified a deserialization issue that was present in Apache Chainsaw. Prior to Chainsaw     V2.0 Chainsaw was a component of Apache Log4j 1.2.x where the same issue exists. (CVE-2022-23307)

  - By design, the JDBCAppender in Log4j 1.2.x accepts an SQL statement as a configuration parameter where the     values to be inserted are converters from PatternLayout. The message converter, %m, is likely to always be     included. This allows attackers to manipulate the SQL by entering crafted strings into input fields or     headers of an application that are logged allowing unintended SQL queries to be executed. Note this issue     only affects Log4j 1.x when specifically configured to use the JDBCAppender, which is not the default.
    Beginning in version 2.0-beta8, the JDBCAppender was re-introduced with proper support for parameterized     SQL queries and further customization over the columns written to in logs. Apache Log4j 1.2 reached end of     life in August 2015. Users should upgrade to Log4j 2 as it addresses numerous other issues from the     previous versions. (CVE-2022-23305)

  - AIDE before 0.17.4 allows local users to obtain root privileges via crafted file metadata (such as XFS     extended attributes or tmpfs ACLs), because of a heap-based buffer overflow. (CVE-2021-45417)

  - Included in Log4j 1.2 is a SocketServer class that is vulnerable to deserialization of untrusted data     which can be exploited to remotely execute arbitrary code when combined with a deserialization gadget when     listening to untrusted network traffic for log data. This affects Log4j versions up to 1.2 up to 1.2.17.
    (CVE-2019-17571)

  - Improper validation of certificate with host mismatch in Apache Log4j SMTP appender. This could allow an     SMTPS connection to be intercepted by a man-in-the-middle attack which could leak any log messages sent     through that appender. Fixed in Apache Log4j 2.12.3 and 2.13.1 (CVE-2020-9488)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The version of AOS installed on the remote host is prior to 5.20.4. It is, therefore, affected by multiple vulnerabilities as referenced in the NXSA-AOS-5.20.4 advisory.

  - In Expat (aka libexpat) before 2.4.5, there is an integer overflow in storeRawNames. (CVE-2022-25315)

  - CVE-2020-9493 identified a deserialization issue that was present in Apache Chainsaw. Prior to Chainsaw     V2.0 Chainsaw was a component of Apache Log4j 1.2.x where the same issue exists. (CVE-2022-23307)

  - NSS (Network Security Services) versions prior to 3.73 or 3.68.1 ESR are vulnerable to a heap overflow     when handling DER-encoded DSA or RSA-PSS signatures. Applications using NSS for handling signatures     encoded within CMS, S/MIME, PKCS \#7, or PKCS \#12 are likely to be impacted. Applications using NSS for     certificate validation or other TLS, X.509, OCSP or CRL functionality may be impacted, depending on how     they configure NSS. *Note: This vulnerability does NOT impact Mozilla Firefox.* However, email clients and     PDF viewers that use NSS for signature verification, such as Thunderbird, LibreOffice, Evolution and     Evince are believed to be impacted. This vulnerability affects NSS < 3.73 and NSS < 3.68.1.
    (CVE-2021-43527)

  - AIDE before 0.17.4 allows local users to obtain root privileges via crafted file metadata (such as XFS     extended attributes or tmpfs ACLs), because of a heap-based buffer overflow. (CVE-2021-45417)

  - It was found that the fix to address CVE-2021-44228 in Apache Log4j 2.15.0 was incomplete in certain non-     default configurations. This could allows attackers with control over Thread Context Map (MDC) input data     when the logging configuration uses a non-default Pattern Layout with either a Context Lookup (for     example, $${ctx:loginId}) or a Thread Context Map pattern (%X, %mdc, or %MDC) to craft malicious input     data using a JNDI Lookup pattern resulting in an information leak and remote code execution in some     environments and local code execution in all environments. Log4j 2.16.0 (Java 8) and 2.12.2 (Java 7) fix     this issue by removing support for message lookup patterns and disabling JNDI functionality by default.
    (CVE-2021-45046)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The version of AOS installed on the remote host is prior to 6.1.1. It is, therefore, affected by multiple vulnerabilities as referenced in the NXSA-AOS-6.1.1 advisory.

  - JMSAppender in Log4j 1.2 is vulnerable to deserialization of untrusted data when the attacker has write     access to the Log4j configuration. The attacker can provide TopicBindingName and     TopicConnectionFactoryBindingName configurations causing JMSAppender to perform JNDI requests that result     in remote code execution in a similar fashion to CVE-2021-44228. Note this issue only affects Log4j 1.2     when specifically configured to use JMSAppender, which is not the default. Apache Log4j 1.2 reached end of     life in August 2015. Users should upgrade to Log4j 2 as it addresses numerous other issues from the     previous versions. (CVE-2021-4104)

  - It was found that the fix to address CVE-2021-44228 in Apache Log4j 2.15.0 was incomplete in certain non-     default configurations. This could allows attackers with control over Thread Context Map (MDC) input data     when the logging configuration uses a non-default Pattern Layout with either a Context Lookup (for     example, $${ctx:loginId}) or a Thread Context Map pattern (%X, %mdc, or %MDC) to craft malicious input     data using a JNDI Lookup pattern resulting in an information leak and remote code execution in some     environments and local code execution in all environments. Log4j 2.16.0 (Java 8) and 2.12.2 (Java 7) fix     this issue by removing support for message lookup patterns and disabling JNDI functionality by default.
    (CVE-2021-45046)

  - Apache Log4j2 2.0-beta9 through 2.15.0 (excluding security releases 2.12.2, 2.12.3, and 2.3.1) JNDI     features used in configuration, log messages, and parameters do not protect against attacker controlled     LDAP and other JNDI related endpoints. An attacker who can control log messages or log message parameters     can execute arbitrary code loaded from LDAP servers when message lookup substitution is enabled. From     log4j 2.15.0, this behavior has been disabled by default. From version 2.16.0 (along with 2.12.2, 2.12.3,     and 2.3.1), this functionality has been completely removed. Note that this vulnerability is specific to     log4j-core and does not affect log4net, log4cxx, or other Apache Logging Services projects.
    (CVE-2021-44228)

  - xpointer.c in libxml2 before 2.9.5 (as used in Apple iOS before 10, OS X before 10.12, tvOS before 10, and     watchOS before 3, and other products) does not forbid namespace nodes in XPointer ranges, which allows     remote attackers to execute arbitrary code or cause a denial of service (use-after-free and memory     corruption) via a crafted XML document. (CVE-2016-4658)

  - NSS (Network Security Services) versions prior to 3.73 or 3.68.1 ESR are vulnerable to a heap overflow     when handling DER-encoded DSA or RSA-PSS signatures. Applications using NSS for handling signatures     encoded within CMS, S/MIME, PKCS \#7, or PKCS \#12 are likely to be impacted. Applications using NSS for     certificate validation or other TLS, X.509, OCSP or CRL functionality may be impacted, depending on how     they configure NSS. *Note: This vulnerability does NOT impact Mozilla Firefox.* However, email clients and     PDF viewers that use NSS for signature verification, such as Thunderbird, LibreOffice, Evolution and     Evince are believed to be impacted. This vulnerability affects NSS < 3.73 and NSS < 3.68.1.
    (CVE-2021-43527)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

According to its self-reported version number, the installation of Apache Log4j on the remote host is 1.x and is no longer supported. Log4j reached its end of life prior to 2016. Additionally, Log4j 1.x is affected by multiple vulnerabilities, including :

  - Log4j includes a SocketServer that accepts serialized log events and deserializes them without verifying whether     the objects are allowed or not. This can provide an attack vector that can be exploited. (CVE-2019-17571)

  - Improper validation of certificate with host mismatch in Apache Log4j SMTP appender. This could allow an SMTPS     connection to be intercepted by a man-in-the-middle attack which could leak any log messages sent through that     appender. (CVE-2020-9488)

  - JMSSink uses JNDI in an unprotected manner allowing any application using the JMSSink to be vulnerable if it is     configured to reference an untrusted site or if the site referenced can be accesseed by the attacker.
    (CVE-2022-23302)

Lack of support implies that no new security patches for the product will be released by the vendor. As a result, it is likely to contain security vulnerabilities.

The remote Debian 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-2852 advisory.

    Several security vulnerabilities were found in Apache Log4j2, a Logging Framework for Java, which could     lead to a denial of service or information disclosure. CVE-2020-9488 Improper validation of certificate     with host mismatch in Apache Log4j SMTP appender. This could allow an SMTPS connection to be intercepted     by a man-in-the-middle attack which could leak any log messages sent through that appender. CVE-2021-45105     Apache Log4j2 did not protect from uncontrolled recursion from self-referential lookups. This allows an     attacker with control over Thread Context Map data to cause a denial of service when a crafted string is     interpreted. For Debian 9 stretch, these problems have been fixed in version 2.12.3-0+deb9u1. We recommend     that you upgrade your apache-log4j2 packages. For the detailed security status of apache-log4j2 please     refer to its security tracker page at: https://security-tracker.debian.org/tracker/apache-log4j2 Further     information about Debian LTS security advisories, how to apply these updates to your system and frequently     asked questions can be found at: https://wiki.debian.org/LTS

Tenable has extracted the preceding description block directly from the Debian security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Debian 10 / 11 host has a package installed that is affected by multiple vulnerabilities as referenced in the dsa-5020 advisory.

    Chen Zhaojun of Alibaba Cloud Security Team discovered a critical security vulnerability in Apache Log4j,     a popular Logging Framework for Java. JNDI features used in configuration, log messages, and parameters do     not protect against attacker controlled LDAP and other JNDI related endpoints. An attacker who can control     log messages or log message parameters can execute arbitrary code loaded from LDAP servers when message     lookup substitution is enabled. From version 2.15.0, this behavior has been disabled by default. This     update also fixes CVE-2020-9488 in the oldstable distribution (buster). Improper validation of certificate     with host mismatch in Apache Log4j SMTP appender. This could allow an SMTPS connection to be intercepted     by a man-in-the-middle attack which could leak any log messages sent through that appender. For the     oldstable distribution (buster), this problem has been fixed in version 2.15.0-1~deb10u1. For the stable     distribution (bullseye), this problem has been fixed in version 2.15.0-1~deb11u1. We recommend that you     upgrade your apache-log4j2 packages. For the detailed security status of apache-log4j2 please refer to its     security tracker page at: https://security-tracker.debian.org/tracker/apache-log4j2

Tenable has extracted the preceding description block directly from the Debian security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The version of Oracle E-Business Suite installed on the remote host is affected by multiple vulnerabilities as referenced in the April 2021 CPU advisory.

  - A vulnerability exists in the Oracle Applications Framework product of Oracle E-Business Suite (component:
    Home page). The supported version that is affected is 12.2.10. Easily exploitable vulnerability allows     unauthenticated attacker with network access via HTTP to compromise Oracle Applications Framework.
    Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification     access to critical data or all Oracle Applications Framework accessible data as well as unauthorized     access to critical data or complete access to all Oracle Applications Framework accessible data.
    (CVE-2021-2200)

  - A vulnerability exists in the Oracle Marketing product of Oracle E-Business Suite (component: Marketing     Administration). Supported versions that are affected are 12.2.7-12.2.10. Easily exploitable vulnerability     allows unauthenticated attacker with network access via HTTP to compromise Oracle Marketing. Successful     attacks of this vulnerability can result in unauthorized creation, deletion or modification access to     critical data or all Oracle Marketing accessible data as well as unauthorized access to critical data or     complete access to all Oracle Marketing accessible data. (CVE-2021-2205)

  - A vulnerability exists in the Oracle Email Center product of Oracle E-Business Suite (component: Message     Display). Supported versions that are affected are 12.1.1-12.1.3 and 12.2.3-12.2.10. Easily exploitable     vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Email     Center. While the vulnerability is in Oracle Email Center, attacks may significantly impact additional     products. Successful attacks of this vulnerability can result in unauthorized access to critical data or     complete access to all Oracle Email Center accessible data as well as unauthorized update, insert or     delete access to some of Oracle Email Center accessible data. (CVE-2021-2209)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version   number.

The version of WebLogic Server installed on the remote host is affected by multiple vulnerabilities as referenced in the October 2020 CPU advisory.

  - An unspecified vulnerability exists in the Console component. An unauthenticated, remote attacker with     network access via HTTP can exploit this issue to compromise the server. Successful attacks of this     vulnerability can result in takeover of Oracle WebLogic Server. (CVE-2020-14750, CVE-2020-14882)

  - An unspecified vulnerability exists in the Core component. An unauthenticated, remote attacker can exploit     this issue via the IIOP and T3 protocols to compromise the server. Successful attacks of this     vulnerability can result in takeover of Oracle WebLogic Server. (CVE-2020-14859)

  - An unspecified vulnerability exists in the Core component. An unauthenticated, remote attacker can exploit     this issue via the IIOP protocol to compromise the server. Successful attacks of this vulnerability can     result in takeover of Oracle WebLogic Server. (CVE-2020-14841)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The 16.1-16.2, 17.7-17.12, 18.8, and 19.12 versions of Primavera Unifier installed on the remote host are affected by multiple vulnerabilities as referenced in the October 2020 CPU advisory.

  - Vulnerability in the Primavera Unifier product of Oracle Construction and Engineering (component: Platform     (Apache Derby)). Supported versions that are affected are 16.1-16.2, 17.7-17.12, 18.8 and 19.12. Easily     exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise     Primavera Unifier. Successful attacks of this vulnerability can result in unauthorized access to critical     data or complete access to all Primavera Unifier accessible data and unauthorized ability to cause a hang     or frequently repeatable crash (complete DOS) of Primavera Unifier. (CVE-2015-1832)

  - Vulnerability in the Primavera Unifier product of Oracle Construction and Engineering (component: Platform     (iText)). Supported versions that are affected are 16.1-16.2, 17.7-17.12, 18.8 and 19.12. Easily     exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise     Primavera Unifier. Successful attacks require human interaction from a person other than the attacker.
    Successful attacks of this vulnerability can result in takeover of Primavera Unifier. (CVE-2017-9096)

  - Vulnerability in the Primavera Unifier product of Oracle Construction and Engineering (component: Platform     (Apache Solr)). Supported versions that are affected are 16.1-16.2, 17.7-17.12, 18.8 and 19.12. Difficult     to exploit vulnerability allows low privileged attacker with network access via HTTP to compromise     Primavera Unifier. Successful attacks of this vulnerability can result in takeover of Primavera Unifier.
    (CVE-2019-17558)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 6 / 7 / 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:3817 advisory.

    Red Hat AMQ Clients enable connecting, sending, and receiving messages over the AMQP 1.0 wire transport     protocol to or from AMQ Broker 6 and 7.

    This update provides various bug fixes and enhancements in addition to the client package versions     previously released on Red Hat Enterprise Linux 6, 7, and 8.

    Security Fix(es):

    * jackson-databind: Serialization gadgets in org.apache.openjpa.ee.WASRegistryManagedRuntime     (CVE-2020-11113)

    * wildfly: Some EJB transaction objects may get accumulated causing Denial of Service (CVE-2020-14297)

    * wildfly: EJB SessionOpenInvocations may not be removed properly after a response is received causing     Denial of Service (CVE-2020-14307)

    * log4j: improper validation of certificate with host mismatch in SMTP appender (CVE-2020-9488)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The 16.2.0-16.2.11, 17.12.0-17.12.7, 18.8.0-18.8.9, and 19.12.0-19.12.4 versions of Primavera Gateway installed on the remote host are affected by multiple vulnerabilities as referenced in the July 2020 CPU advisory.

  - Vulnerability in the Primavera Gateway product of Oracle     Construction and Engineering (component: Admin (Apache     Ant)). Supported versions that are affected are     16.2.0-16.2.11 and 17.12.0-17.12.7. Easily exploitable     vulnerability allows unauthenticated attacker with     network access via HTTP to compromise Primavera Gateway.
    Successful attacks of this vulnerability can result in     takeover of Primavera Gateway.

  - Vulnerability in the Primavera Gateway product of Oracle     Construction and Engineering (component: Admin     (jQuery)). Supported versions that are affected are     16.2.0-16.2.11, 17.12.0-17.12.7, 18.8.0-18.8.9 and     19.12.0-19.12.4. Easily exploitable vulnerability allows     unauthenticated attacker with network access via HTTP to     compromise Primavera Gateway. Successful attacks require     human interaction from a person other than the attacker     and while the vulnerability is in Primavera Gateway,     attacks may significantly impact additional products.
    Successful attacks of this vulnerability can result in     unauthorized update, insert or delete access to some of     Primavera Gateway accessible data as well as     unauthorized read access to a subset of Primavera     Gateway accessible data.

  - Vulnerability in the Primavera Gateway product of Oracle     Construction and Engineering (component: Admin (Log4j)).
    Supported versions that are affected are 16.2.0-16.2.11,     17.12.0-17.12.7, 18.8.0-18.8.9 and 19.12.0-19.12.4.
    Difficult to exploit vulnerability allows     unauthenticated attacker with network access via SMTPS     to compromise Primavera Gateway. Successful attacks of     this vulnerability can result in unauthorized read     access to a subset of Primavera Gateway accessible data.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The version of Apache Log4j on the remote host is < 2.13.2. It is, therefore, affected by an improper certificate validation vulnerability in the log4j SMTP appender. An attacker could leverage this vulnerability to perform a man-in-the-middle attack.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

ID	Name	Product	Family	Severity
223593	Linux Distros Unpatched Vulnerability : CVE-2020-9488	Nessus	Misc.	low
212425	Oracle Siebel Server (October 2021 CPU)	Nessus	Misc.	high
212424	Oracle Siebel Server (April 2021 CPU)	Nessus	Misc.	high
212407	Oracle Siebel Server (July 2020 CPU)	Nessus	Misc.	critical
190670	GLSA-202402-16 : Apache Log4j: Multiple Vulnerabilities	Nessus	Gentoo Local Security Checks	critical
165276	Nutanix AOS : Multiple Vulnerabilities (NXSA-AOS-5.20.3.5)	Nessus	Misc.	critical
164607	Nutanix AOS : Multiple Vulnerabilities (NXSA-AOS-6.0.2.6)	Nessus	Misc.	critical
164601	Nutanix AOS : Multiple Vulnerabilities (NXSA-AOS-5.20.4)	Nessus	Misc.	critical
164572	Nutanix AOS : Multiple Vulnerabilities (NXSA-AOS-6.1.1)	Nessus	Misc.	high
156860	Apache Log4j 1.x Multiple Vulnerabilities	Nessus	Misc.	critical
156396	Debian DLA-2852-1 : apache-log4j2 - LTS security update	Nessus	Debian Local Security Checks	low
156015	Debian DSA-5020-1 : apache-log4j2 - security update	Nessus	Debian Local Security Checks	critical
148952	Oracle E-Business Suite Multiple Vulnerabilities (April 2021 CPU)	Nessus	Misc.	high
141807	Oracle WebLogic Server Multiple Vulnerabilities (Oct 2020 CPU)	Nessus	Misc.	critical
141641	Oracle Primavera Unifier (Oct 2020 CPU)	Nessus	CGI abuses	critical
140747	RHEL 6 / 7 / 8 : AMQ Clients 2.8.0 Release (Moderate) (RHSA-2020:3817)	Nessus	Red Hat Local Security Checks	high
138526	Oracle Primavera Gateway (Jul 2020 CPU)	Nessus	CGI abuses	critical
136424	Apache Log4j < 2.13.2 Improper Certificate Verification	Nessus	Misc.	low

Detections

Analytics

CVE-2020-9488

low

Tenable Plugins

low

high

high

critical

critical

critical

critical

critical

high

critical

low

critical

high

critical

critical

high

critical

low