CKEditor4 is an open source WYSIWYG HTML editor. In affected versions a vulnerability has been discovered in the Advanced Content Filter (ACF) module and may affect all plugins used by CKEditor 4. The vulnerability allowed to inject malformed HTML bypassing content sanitization, which could result in executing JavaScript code. It affects all users using the CKEditor 4 at version < 4.17.0. The problem has been recognized and patched. The fix will be available in version 4.17.0.

The version of IBM Engineering Requirements Management DOORS (formerly IBM Rational DOORS) installed on the remote host is 9.7.2.x prior to 9.7.2.8. It is, therefore, affected by multiple vulnerabilities as referenced in the 7124058 advisory.

  - Apache Shiro before 1.9.1, A RegexRequestMatcher can be misconfigured to be bypassed on some servlet     containers. Applications using RegExPatternMatcher with `.` in the regular expression are possibly     vulnerable to an authorization bypass. (CVE-2022-32532)

  - The Java OpenWire protocol marshaller is vulnerable to Remote Code Execution. This vulnerability may allow     a remote attacker with network access to either a Java-based OpenWire broker or client to run arbitrary     shell commands by manipulating serialized class types in the OpenWire protocol to cause either the client     or the broker (respectively) to instantiate any class on the classpath. Users are recommended to upgrade     both brokers and clients to version 5.15.16, 5.16.7, 5.17.6, or 5.18.3 which fixes this issue.
    (CVE-2023-46604)

  - Scala 2.13.x before 2.13.9 has a Java deserialization chain in its JAR file. On its own, it cannot be     exploited. There is only a risk in conjunction with Java object deserialization within an application. In     such situations, it allows attackers to erase contents of arbitrary files, make network connections, or     possibly run arbitrary code (specifically, Function0 functions) via a gadget chain. (CVE-2022-36944)

  - IBM Engineering Requirements Management DOORS 9.7.2.7 is vulnerable to cross-site request forgery which     could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the     website trusts. IBM X-Force ID: 251216. (CVE-2023-28949)

  - A cross-site scripting (XSS) vulnerability in the HTML Data Processor for CKEditor 4.0 before 4.14 allows     remote attackers to inject arbitrary web script through a crafted protected comment (with the     cke_protected syntax). (CVE-2020-9281)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Fedora 36 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2022-b61dfd219b advisory.

  - CKEditor4 is an open source WYSIWYG HTML editor. In affected versions a vulnerability has been discovered     in the Advanced Content Filter (ACF) module and may affect all plugins used by CKEditor 4. The     vulnerability allowed to inject malformed HTML bypassing content sanitization, which could result in     executing JavaScript code. It affects all users using the CKEditor 4 at version < 4.17.0. The problem has     been recognized and patched. The fix will be available in version 4.17.0. (CVE-2021-41164)

  - CKEditor4 is an open source WYSIWYG HTML editor. In affected version a vulnerability has been discovered     in the core HTML processing module and may affect all plugins used by CKEditor 4. The vulnerability     allowed to inject malformed comments HTML bypassing content sanitization, which could result in executing     JavaScript code. It affects all users using the CKEditor 4 at version < 4.17.0. The problem has been     recognized and patched. The fix will be available in version 4.17.0. (CVE-2021-41165)

  - CKEditor4 is an open source what-you-see-is-what-you-get HTML editor. A vulnerability has been discovered     in the core HTML processing module and may affect all plugins used by CKEditor 4 prior to version 4.18.0.
    The vulnerability allows someone to inject malformed HTML bypassing content sanitization, which could     result in executing JavaScript code. This problem has been patched in version 4.18.0. There are currently     no known workarounds. (CVE-2022-24728)

  - CKEditor4 is an open source what-you-see-is-what-you-get HTML editor. CKEditor4 prior to version 4.18.0     contains a vulnerability in the `dialog` plugin. The vulnerability allows abuse of a dialog input     validator regular expression, which can cause a significant performance drop resulting in a browser tab     freeze. A patch is available in version 4.18.0. There are currently no known workarounds. (CVE-2022-24729)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The versions of Oracle Database Server installed on the remote host are affected by multiple vulnerabilities as referenced in the April 2022 CPU advisory.

  - Vulnerability in the Oracle Database - Enterprise Edition Sharding component of Oracle Database Server.
    The supported version that is affected is 19c. Easily exploitable vulnerability allows high privileged     attacker having Create Any Procedure privilege with network access via Oracle Net to compromise Oracle     Database - Enterprise Edition Sharding. Successful attacks of this vulnerability can result in takeover of     Oracle Database - Enterprise Edition Sharding. (CVE-2022-21410)

  - Vulnerability in the Java VM component of Oracle Database Server. Supported versions that are affected are     12.1.0.2, 19c and 21c. Easily exploitable vulnerability allows low privileged attacker having Create     Procedure privilege with network access via multiple protocols to compromise Java VM. Successful attacks     of this vulnerability can result in unauthorized creation, deletion or modification access to critical     data or all Java VM accessible data. (CVE-2022-21498)

  - Vulnerability in the RDBMS Gateway / Generic ODBC Connectivity component of Oracle Database Server.
    Supported versions that are affected are 12.1.0.2, 19c and 21c. Easily exploitable vulnerability allows     low privileged attacker having Create Session privilege with network access via Oracle Net to compromise     RDBMS Gateway / Generic ODBC Connectivity. Successful attacks of this vulnerability can result in     unauthorized update, insert or delete access to some of RDBMS Gateway / Generic ODBC Connectivity     accessible data as well as unauthorized read access to a subset of RDBMS Gateway / Generic ODBC     Connectivity accessible data. (CVE-2022-21411)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

According to its self-reported version, the instance of Drupal running on the remote web server is 8.9.x prior to 8.9.20, 9.1.x prior to 9.1.14, or 9.2.x prior to 9.2.9. It is, therefore, affected by multiple cross-site scripting vulnerabilities due to its usage of a third party component, CKEditor, for WYSIWYG editing:

 - A Cross-Site Scripting (XSS) was discovered in the core HTML processing module and may affect all plugins used by CKEditor 4. (CVE-2021-41165)

 - A Cross-Site Scripting (XSS) was discovered in the Advanced Content Filter (ACF) module and may affect all plugins used by CKEditor 4. (CVE-2021-41164)

Note that the scanner has not tested for these issues but has instead relied only on the application's self-reported version number.

According to its self-reported version, the instance of Drupal running on the remote web server is 8.9.x prior to 8.9.20, 9.1.x prior to 9.1.14, or 9.2.x prior to 9.2.9. It is, therefore, affected by multiple vulnerabilities.

  - CKEditor4 is an open source WYSIWYG HTML editor. In affected versions a vulnerability has been discovered     in the Advanced Content Filter (ACF) module and may affect all plugins used by CKEditor 4. The     vulnerability allowed to inject malformed HTML bypassing content sanitization, which could result in     executing JavaScript code. It affects all users using the CKEditor 4 at version < 4.17.0. The problem has     been recognized and patched. The fix will be available in version 4.17.0. (CVE-2021-41164)

  - CKEditor4 is an open source WYSIWYG HTML editor. In affected version a vulnerability has been discovered     in the core HTML processing module and may affect all plugins used by CKEditor 4. The vulnerability     allowed to inject malformed comments HTML bypassing content sanitization, which could result in executing     JavaScript code. It affects all users using the CKEditor 4 at version < 4.17.0. The problem has been     recognized and patched. The fix will be available in version 4.17.0. (CVE-2021-41165)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

ID	Name	Product	Family	Severity
191754	IBM Engineering Requirements Management DOORS 9.7.2.x < 9.7.2.8 Multiple Vulnerabilities (7124058)	Nessus	Windows	critical
169023	Fedora 36 : ckeditor (2022-b61dfd219b)	Nessus	Fedora Local Security Checks	medium
160079	Oracle Database Server (Apr 2022 CPU)	Nessus	Databases	high
113066	Drupal 8.9.x < 8.9.20 Cross-Site Scripting	Web App Scanning	Component Vulnerability	medium
113065	Drupal 9.1.x < 9.1.14 Cross-Site Scripting	Web App Scanning	Component Vulnerability	medium
113064	Drupal 9.2.x < 9.2.9 Cross-Site Scripting	Web App Scanning	Component Vulnerability	medium
155559	Drupal 8.9.x < 8.9.20 / 9.1.x < 9.1.14 / 9.2.x < 9.2.9 Multiple Vulnerabilities (drupal-2021-11-17)	Nessus	CGI abuses	medium

Detections

Analytics

CVE-2021-41164

medium

Tenable Plugins

critical

medium

high

medium

medium

medium

medium