When reading a specially crafted ZIP archive, Compress can be made to allocate large amounts of memory that finally leads to an out of memory error even for very small inputs. This could be used to mount a denial of service attack against services that use Compress' zip package.

The version of Oracle Business Intelligence Enterprise Edition (OAS) 6.4.0.0.0 and 7.0.0.0 installed on the remote host are affected by a vulnerability as referenced in the July 2023 CPU advisory. 

  - Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Analytics     (component: Analytics Server (Apache Hive)). Supported versions that are affected are 6.4.0.0.0,     7.0.0.0.0 and 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network     access via HTTP to compromise Oracle Business Intelligence Enterprise Edition. Successful attacks of     this vulnerability can result in unauthorized creation, deletion or modification access to critical data     or all Oracle Business Intelligence Enterprise Edition accessible data as well as unauthorized access to     critical data or complete access to all Oracle Business Intelligence Enterprise Edition accessible data.
    (CVE-2018-1282)

  - Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Analytics     (component: Visual Analyzer (jackson-databind)). Supported versions that are affected are 6.4.0.0.0 and     7.0.0.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP     to compromise Oracle Business Intelligence Enterprise Edition. Successful attacks of this vulnerability     can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of     Oracle Business Intelligence Enterprise Edition. (CVE-2022-33980)

  - Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Analytics     (component: Visual Analyzer (CKEditor)). Supported versions that are affected are 6.4.0.0.0 and     7.0.0.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP     to compromise Oracle Business Intelligence Enterprise Edition. Successful attacks require human     interaction from a person other than the attacker and while the vulnerability is in Oracle Business     Intelligence Enterprise Edition, attacks may significantly impact additional products (scope change).     Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to     some of Oracle Business Intelligence Enterprise Edition accessible data as well as unauthorized read     access to a subset of Oracle Business Intelligence Enterprise Edition accessible data. (CVE-2023-28439)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The versions of Oracle Business Intelligence Enterprise Edition (OBIEE) installed on the remote host are affected by multiple vulnerabilities as referenced in the April 2023 CPU advisory.

  - A flaw was found in org.codehaus.jackson:jackson-mapper-asl:1.9.x libraries. XML external entity     vulnerabilities similar CVE-2016-3720 also affects codehaus jackson-mapper-asl libraries but in different     classes. (CVE-2019-10172)

  - An issue was discovered in Legion of the Bouncy Castle BC Java 1.65 and 1.66. The     OpenBSDBCrypt.checkPassword utility method compared incorrect data when checking the password, allowing     incorrect passwords to indicate they were matching with previously hashed ones that were different.
    (CVE-2020-28052)

  - The XML parsers used by XMLBeans up to version 2.6.0 did not set the properties needed to protect the user     from malicious XML input. Vulnerabilities include possibilities for XML Entity Expansion attacks. Affects     XMLBeans up to and including v2.6.0. (CVE-2021-23926)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The version of Oracle WebLogic Server installed on the remote host is missing a security patch from the April 2023 Critical Patch Update (CPU). It is, therefore, affected by multiple vulnerabilities, including:

  - Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Console     (Apache Commons FileUpload)). Supported versions that are affected are 12.2.1.3.0, 12.2.1.4.0 and     14.1.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP     to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in unauthorized     ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle WebLogic Server.
    (CVE-2023-24998)

  - Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Samples     (XStream)). Supported versions that are affected are 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable     vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebLogic     Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or     frequently repeatable crash (complete DOS) of Oracle WebLogic Server. (CVE-2022-40152)

  - Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Third Party     (Apache Commons Compress)). Supported versions that are affected are 12.2.1.4.0 and 14.1.1.0.0. Easily     exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise     Oracle WebLogic Server. Successful attacks of this vulnerability can result in unauthorized ability to     cause a hang or frequently repeatable crash (complete DOS) of Oracle WebLogic Server. (CVE-2021-36090)

  Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The version of GoldenGate installed on the remote host are affected by multiple vulnerabilities as referenced in the October 2022 CPU advisory.

  - Vulnerability in Oracle GoldenGate (component: Oracle GoldenGate Microservices (Dell BSAFE Micro Edition     Suite)).   The supported version that is affected is 19c. Easily exploitable vulnerability allows     unauthenticated attacker with network access via HTTPS to compromise Oracle GoldenGate.  Successful     attacks of this vulnerability can result in takeover of Oracle GoldenGate. (CVE-2020-35169)

  - Vulnerability in the Oracle Goldengate product of Oracle GoldenGate (component: Stream Analytics     (JinJava)). The supported version that is affected is 19c. Easily exploitable vulnerability allows low     privileged attacker with network access via HTTP to compromise Oracle Goldengate.  Successful attacks of     this vulnerability can result in  unauthorized read access to a subset of Oracle Goldengate accessible     data. (CVE-2018-18893)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The versions of Oracle Business Intelligence Enterprise Edition (OAS) installed on the remote host are affected by multiple vulnerabilities as referenced in the October 2022 CPU advisory.

  - Vulnerability in the Oracle WebCenter Sites product of Oracle Fusion Middleware (component: WebCenter     Sites (CKEditor)). Supported versions that are affected are 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable     vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebCenter     Sites. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or     frequently repeatable crash (complete DOS) of Oracle WebCenter Sites. (CVE-2022-24729)

  - Vulnerability in the Oracle Hyperion Infrastructure Technology product of Oracle Hyperion (component:
    Installation and Configuration (Apache Commons Configuration)). The supported version that is affected is     11.2.9. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to     compromise Oracle Hyperion Infrastructure Technology. Successful attacks of this vulnerability can result     in takeover of Oracle Hyperion Infrastructure Technology. (CVE-2022-33980)   
  - Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Fusion Middleware     (component: Analytics Web ADF Integration (Apache Commons Compress)). The supported version that is     affected is 5.9.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access     via HTTP to compromise Oracle Business Intelligence Enterprise Edition. Successful attacks of this     vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete     DOS) of Oracle Business Intelligence Enterprise Edition. (CVE-2021-36090)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2022:5555 advisory.

  - springframework: malicious input leads to insertion of additional log entries (CVE-2021-22096)

  - nodejs-trim-newlines: ReDoS in .end() method (CVE-2021-33623)

  - apache-commons-compress: infinite loop when reading a specially crafted 7Z archive (CVE-2021-35515)

  - apache-commons-compress: excessive memory allocation when reading a specially crafted 7Z archive     (CVE-2021-35516)

  - apache-commons-compress: excessive memory allocation when reading a specially crafted TAR archive     (CVE-2021-35517)

  - apache-commons-compress: excessive memory allocation when reading a specially crafted ZIP archive     (CVE-2021-36090)

  - nodejs-ansi-regex: Regular expression denial of service (ReDoS) matching ANSI escape codes (CVE-2021-3807)

  - spring-expression: Denial of service via specially crafted SpEL expression (CVE-2022-22950)

  - semantic-release: Masked secrets can be disclosed if they contain characters that are excluded from uri     encoding (CVE-2022-31051)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The version of Oracle WebCenter Portal installed on the remote host is missing a security patch from the April 2022 Critical Patch Update (CPU). It is, therefore, affected by multiple vulnerabilities:

  - An XML external entity vulnerability in the bundled jackson-databind component which allows an unauthenticated     attacker with network access via HTTP to access, create or delete all data accessible to Oracle WebCenter     Portal. (CVE-2020-25649)

  - Denial of service vulnerabilities in the bundled Apache Tika, jsoup, Netty and Apache Commons Compress components which     allow an unauthenticated attacker with network access via HTTP to cause a hang or frequently repeatable crash     of the Oracle WebCenter Portal. (CVE-2020-28657, CVE-2021-36090, CVE-2021-37137, CVE-2021-37714)

  - A path traversal vulnerability in the bundled Apache Commons IO component which allows an unauthenticated attacker     with network access via HTTP to read, update or delete a subset of data accessible to Oracle WebCenter Portal.
    (CVE-2021-29425)

  - A Denial of service vulnerability in the bundled Apache PDFBox component which allows an unauthenticated attacker     with logon to the infrastructure where Oracle WebCenter Portal executes, with human interaction from another user     to cause a hang or frequently repeatable crash of the Oracle WebCenter Portal. (CVE-2021-31912)

  - A cross-site scripting vulnerability in the bundled CKEditor component which allows a low privileged attacker     with network access via HTTP, with human interaction from another user, to read, update or delete a subset of     data accessible to Oracle WebCenter Portal. (CVE-2021-41165)

  - A remote code execution vulnerability in the bundled Apache Log4J component which allows a high privileged     attacker with network access via HTTP to execute arbitrary code on the Oracle WebCenter Portal. (CVE-2021-44832)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Vulnerability in the Oracle Business Process Management Suite product of Oracle Fusion Middleware (component: Installer (Apache Commons Compress)). Supported versions that are affected are 12.2.1.3.0 and 12.2.1.4.0.
Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Business Process Management Suite. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Business Process Management Suite.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version   number.

The version of Primavera Gateway installed on the remote host is affected by multiple vulnerabilities as referenced in the October 2021 CPU advisory, including the following:

  - Vulnerability in the Oracle Retail Store Inventory Management product of Oracle Retail Applications     (component: SIM Integration (JDBC)). Supported versions that are affected are 14.1, 15.0 and 16.0.
    Difficult to exploit vulnerability allows unauthenticated attacker with network access via Oracle Net to     compromise Oracle Retail Store Inventory Management. Successful attacks require human interaction from a     person other than the attacker and while the vulnerability is in Oracle Retail Store Inventory Management,     attacks may significantly impact additional products. Successful attacks of this vulnerability can result     in takeover of Oracle Retail Store Inventory Management. (CVE-2021-2351)

  - Vulnerability in the Primavera Unifier product of Oracle Construction and Engineering (component: File     Management (Apache Commons Compress)). Supported versions that are affected are 17.7-17.12, 18.8, 19.12     and 20.12. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP     to compromise Primavera Unifier. Successful attacks of this vulnerability can result in unauthorized     ability to cause a hang or frequently repeatable crash (complete DOS) of Primavera Unifier. (CVE-2021-36090)

  - Vulnerability in the Primavera Unifier product of Oracle Construction and Engineering (component:
    Platform, UI (Lodash)). Supported versions that are affected are 17.7-17.12, 18.8, 19.12 and 20.12. Easily     exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise     Primavera Unifier. (CVE-2021-23337)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The version of Primavera Unifier installed on the remote host is affected by multiple vulnerabilities as referenced in the October 2021 CPU advisory, including the following:

  - An easily exploitable vulnerability in the File Management component of Primavera Unifier that allows an     unauthenticated, remote attacker to compromise availability. (CVE-2021-36090)

  - An easily exploitable vulnerability in the Platform, UI (Lodash) component of Primavera Unifier that     allows a remote, high privileged attacker to compromise confidentiality, integrity, and availability.
    (CVE-2021-23337)

  - An easily exploitable vulnerability in the Platform (Apache Tika) component of Primavera unifier that     allows an unauthenticated attacker to compromise availability. (CVE-2021-28657)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote SUSE Linux SUSE15 host has packages installed that are affected by multiple vulnerabilities as referenced in the openSUSE-SU-2021:1115-1 advisory.

  - When reading a specially crafted 7Z archive, the construction of the list of codecs that decompress an     entry can result in an infinite loop. This could be used to mount a denial of service attack against     services that use Compress' sevenz package. (CVE-2021-35515)

  - When reading a specially crafted 7Z archive, Compress can be made to allocate large amounts of memory that     finally leads to an out of memory error even for very small inputs. This could be used to mount a denial     of service attack against services that use Compress' sevenz package. (CVE-2021-35516)

  - When reading a specially crafted TAR archive, Compress can be made to allocate large amounts of memory     that finally leads to an out of memory error even for very small inputs. This could be used to mount a     denial of service attack against services that use Compress' tar package. (CVE-2021-35517)

  - When reading a specially crafted ZIP archive, Compress can be made to allocate large amounts of memory     that finally leads to an out of memory error even for very small inputs. This could be used to mount a     denial of service attack against services that use Compress' zip package. (CVE-2021-36090)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote SUSE Linux SUSE15 host has packages installed that are affected by multiple vulnerabilities as referenced in the openSUSE-SU-2021:2612-1 advisory.

  - When reading a specially crafted 7Z archive, the construction of the list of codecs that decompress an     entry can result in an infinite loop. This could be used to mount a denial of service attack against     services that use Compress' sevenz package. (CVE-2021-35515)

  - When reading a specially crafted 7Z archive, Compress can be made to allocate large amounts of memory that     finally leads to an out of memory error even for very small inputs. This could be used to mount a denial     of service attack against services that use Compress' sevenz package. (CVE-2021-35516)

  - When reading a specially crafted TAR archive, Compress can be made to allocate large amounts of memory     that finally leads to an out of memory error even for very small inputs. This could be used to mount a     denial of service attack against services that use Compress' tar package. (CVE-2021-35517)

  - When reading a specially crafted ZIP archive, Compress can be made to allocate large amounts of memory     that finally leads to an out of memory error even for very small inputs. This could be used to mount a     denial of service attack against services that use Compress' zip package. (CVE-2021-36090)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote SUSE Linux SLED15 / SLES15 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2021:2612-1 advisory.

  - When reading a specially crafted 7Z archive, the construction of the list of codecs that decompress an     entry can result in an infinite loop. This could be used to mount a denial of service attack against     services that use Compress' sevenz package. (CVE-2021-35515)

  - When reading a specially crafted 7Z archive, Compress can be made to allocate large amounts of memory that     finally leads to an out of memory error even for very small inputs. This could be used to mount a denial     of service attack against services that use Compress' sevenz package. (CVE-2021-35516)

  - When reading a specially crafted TAR archive, Compress can be made to allocate large amounts of memory     that finally leads to an out of memory error even for very small inputs. This could be used to mount a     denial of service attack against services that use Compress' tar package. (CVE-2021-35517)

  - When reading a specially crafted ZIP archive, Compress can be made to allocate large amounts of memory     that finally leads to an out of memory error even for very small inputs. This could be used to mount a     denial of service attack against services that use Compress' zip package. (CVE-2021-36090)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

ID	Name	Product	Family	Severity
178710	Oracle Business Intelligence Enterprise Edition (OAS) (July 2023 CPU)	Nessus	Misc.	critical
174742	Oracle Business Intelligence Enterprise Edition (Apr 2023 CPU)	Nessus	Misc.	critical
174464	Oracle WebLogic Server (Apr 2023 CPU)	Nessus	Misc.	high
166440	Oracle GoldenGate (Oct 2022 CPU)	Nessus	Misc.	critical
166337	Oracle Business Intelligence Publisher 5.9.x < 5.9.0(OAS) (Oct 2022 CPU)	Nessus	Misc.	critical
163260	RHEL 8 : RHV Manager (ovirt-engine) [ovirt-4.5.1] (RHSA-2022:5555)	Nessus	Red Hat Local Security Checks	high
159954	Oracle WebCenter Portal Multiple Vulnerabilities (Apr 2022 CPU)	Nessus	Misc.	high
156931	Oracle Business Process Management Suite (Jan 2022 CPU)	Nessus	Misc.	high
154297	Oracle Primavera Gateway (Oct 2021 CPU)	Nessus	CGI abuses	high
154262	Oracle Primavera Unifier (Oct 2021 CPU)	Nessus	CGI abuses	high
152463	openSUSE 15 Security Update : apache-commons-compress (openSUSE-SU-2021:1115-1)	Nessus	SuSE Local Security Checks	high
152256	openSUSE 15 Security Update : apache-commons-compress (openSUSE-SU-2021:2612-1)	Nessus	SuSE Local Security Checks	high
152248	SUSE SLED15 / SLES15 Security Update : apache-commons-compress (SUSE-SU-2021:2612-1)	Nessus	SuSE Local Security Checks	high

Detections

Analytics

CVE-2021-36090

high

Tenable Plugins

critical

critical

high

critical

critical

high

high

high

high

high

high

high

high