jQuery-UI is the official jQuery user interface library. Prior to version 1.13.0, accepting the value of the `of` option of the `.position()` util from untrusted sources may execute untrusted code. The issue is fixed in jQuery UI 1.13.0. Any string value passed to the `of` option is now treated as a CSS selector. A workaround is to not accept the value of the `of` option from untrusted sources.

The remote Ubuntu 18.04 ESM / 20.04 ESM / 22.04 ESM host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-5181-1 advisory.

  - jQuery-UI is the official jQuery user interface library. Prior to version 1.13.0, accepting the value of     the `of` option of the `.position()` util from untrusted sources may execute untrusted code. The issue is     fixed in jQuery UI 1.13.0. Any string value passed to the `of` option is now treated as a CSS selector. A     workaround is to not accept the value of the `of` option from untrusted sources. (CVE-2021-41184)

  - jQuery UI is a curated set of user interface interactions, effects, widgets, and themes built on top of     jQuery. Versions prior to 1.13.2 are potentially vulnerable to cross-site scripting. Initializing a     checkboxradio widget on an input enclosed within a label makes that parent label contents considered as     the input label. Calling `.checkboxradio( refresh )` on such a widget and the initial HTML contained     encoded HTML entities will make them erroneously get decoded. This can lead to potentially executing     JavaScript code. The bug has been patched in jQuery UI 1.13.2. To remediate the issue, someone who can     change the initial HTML can wrap all the non-input contents of the `label` in a `span`. (CVE-2022-31160)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Ubuntu 18.04 ESM / 20.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-6419-1 advisory.

  - Cross-site scripting (XSS) vulnerability in jQuery UI before 1.12.0 might allow remote attackers to inject     arbitrary web script or HTML via the closeText parameter of the dialog function. (CVE-2016-7103)

  - jQuery-UI is the official jQuery user interface library. Prior to version 1.13.0, accepting the value of     the `altField` option of the Datepicker widget from untrusted sources may execute untrusted code. The     issue is fixed in jQuery UI 1.13.0. Any string value passed to the `altField` option is now treated as a     CSS selector. A workaround is to not accept the value of the `altField` option from untrusted sources.
    (CVE-2021-41182)

  - jQuery-UI is the official jQuery user interface library. Prior to version 1.13.0, accepting the value of     various `*Text` options of the Datepicker widget from untrusted sources may execute untrusted code. The     issue is fixed in jQuery UI 1.13.0. The values passed to various `*Text` options are now always treated as     pure text, not HTML. A workaround is to not accept the value of the `*Text` options from untrusted     sources. (CVE-2021-41183)

  - jQuery-UI is the official jQuery user interface library. Prior to version 1.13.0, accepting the value of     the `of` option of the `.position()` util from untrusted sources may execute untrusted code. The issue is     fixed in jQuery UI 1.13.0. Any string value passed to the `of` option is now treated as a CSS selector. A     workaround is to not accept the value of the `of` option from untrusted sources. (CVE-2021-41184)

  - jQuery UI is a curated set of user interface interactions, effects, widgets, and themes built on top of     jQuery. Versions prior to 1.13.2 are potentially vulnerable to cross-site scripting. Initializing a     checkboxradio widget on an input enclosed within a label makes that parent label contents considered as     the input label. Calling `.checkboxradio( refresh )` on such a widget and the initial HTML contained     encoded HTML entities will make them erroneously get decoded. This can lead to potentially executing     JavaScript code. The bug has been patched in jQuery UI 1.13.2. To remediate the issue, someone who can     change the initial HTML can wrap all the non-input contents of the `label` in a `span`. (CVE-2022-31160)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Debian 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-3551 advisory.

  - jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true,     {}, ...) because of Object.prototype pollution. If an unsanitized source object contained an enumerable
    __proto__ property, it could extend the native Object.prototype. (CVE-2019-11358)

  - An issue was discovered in Open Ticket Request System (OTRS) 7.0.x through 7.0.7, Community Edition 6.0.x     through 6.0.19, and Community Edition 5.0.x through 5.0.36. An attacker could send a malicious email to an     OTRS system. If a logged-in agent user quotes it, the email could cause the browser to load external image     resources. (CVE-2019-12248)

  - An issue was discovered in Open Ticket Request System (OTRS) 7.0.x through 7.0.8, Community Edition 6.0.x     through 6.0.19, and Community Edition 5.0.x through 5.0.36. In the customer or external frontend, personal     information of agents (e.g., Name and mail address) can be disclosed in external notes. (CVE-2019-12497)

  - An issue was discovered in Open Ticket Request System (OTRS) Community Edition 5.0.x through 5.0.36 and     6.0.x through 6.0.19. A user logged into OTRS as an agent might unknowingly disclose their session ID by     sharing the link of an embedded ticket article with third parties. This identifier can be then be     potentially abused in order to impersonate the agent user. (CVE-2019-12746)

  - An issue was discovered in Open Ticket Request System (OTRS) 7.0.x through 7.0.8, and Community Edition     5.0.x through 5.0.36 and 6.0.x through 6.0.19. An attacker who is logged into OTRS as an agent user with     appropriate permissions can leverage OTRS notification tags in templates in order to disclose hashed user     passwords. (CVE-2019-13458)

  - An issue was discovered in Open Ticket Request System (OTRS) 7.0.x through 7.0.11, and Community Edition     5.0.x through 5.0.37 and 6.0.x through 6.0.22. An attacker who is logged in as an agent or customer user     with appropriate permissions can create a carefully crafted string containing malicious JavaScript code as     an article body. This malicious code is executed when an agent composes an answer to the original article.
    (CVE-2019-16375)

  - An issue was discovered in Open Ticket Request System (OTRS) 7.0.x through 7.0.12, and Community Edition     5.0.x through 5.0.38 and 6.0.x through 6.0.23. An attacker who is logged into OTRS as an agent is able to     list tickets assigned to other agents, even tickets in a queue where the attacker doesn't have     permissions. (CVE-2019-18179)

  - Improper Check for filenames with overly long extensions in PostMaster (sending in email) or uploading     files (e.g. attaching files to mails) of ((OTRS)) Community Edition and OTRS allows an remote attacker to     cause an endless loop. This issue affects: OTRS AG: ((OTRS)) Community Edition 5.0.x version 5.0.38 and     prior versions; 6.0.x version 6.0.23 and prior versions. OTRS AG: OTRS 7.0.x version 7.0.12 and prior     versions. (CVE-2019-18180)

  - In jQuery versions greater than or equal to 1.2 and before 3.5.0, passing HTML from untrusted sources -     even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and     others) may execute untrusted code. This problem is patched in jQuery 3.5.0. (CVE-2020-11022)

  - In jQuery versions greater than or equal to 1.0.3 and before 3.5.0, passing HTML containing <option>     elements from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods     (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery 3.5.0.
    (CVE-2020-11023)

  - An improper control of parameters allows the spoofing of the from fields of the following screens:
    AgentTicketCompose, AgentTicketForward, AgentTicketBounce and AgentTicketEmailOutbound. This issue     affects: ((OTRS)) Community Edition 5.0.x version 5.0.39 and prior versions; 6.0.x version 6.0.24 and     prior versions. OTRS 7.0.x version 7.0.13 and prior versions. (CVE-2020-1765)

  - Due to improper handling of uploaded images it is possible in very unlikely and rare conditions to force     the agents browser to execute malicious javascript from a special crafted SVG file rendered as inline jpg     file. This issue affects: ((OTRS)) Community Edition 5.0.x version 5.0.39 and prior versions; 6.0.x     version 6.0.24 and prior versions. OTRS 7.0.x version 7.0.13 and prior versions. (CVE-2020-1766)

  - Agent A is able to save a draft (i.e. for customer reply). Then Agent B can open the draft, change the     text completely and send it in the name of Agent A. For the customer it will not be visible that the     message was sent by another agent. This issue affects: ((OTRS)) Community Edition 6.0.x version 6.0.24 and     prior versions. OTRS 7.0.x version 7.0.13 and prior versions. (CVE-2020-1767)

  - In the login screens (in agent and customer interface), Username and Password fields use autocomplete,     which might be considered as security issue. This issue affects: ((OTRS)) Community Edition: 5.0.41 and     prior versions, 6.0.26 and prior versions. OTRS: 7.0.15 and prior versions. (CVE-2020-1769)

  - Support bundle generated files could contain sensitive information that might be unwanted to be disclosed.
    This issue affects: ((OTRS)) Community Edition: 5.0.41 and prior versions, 6.0.26 and prior versions.
    OTRS: 7.0.15 and prior versions. (CVE-2020-1770)

  - Attacker is able craft an article with a link to the customer address book with malicious content     (JavaScript). When agent opens the link, JavaScript code is executed due to the missing parameter     encoding. This issue affects: ((OTRS)) Community Edition: 6.0.26 and prior versions. OTRS: 7.0.15 and     prior versions. (CVE-2020-1771)

  - It's possible to craft Lost Password requests with wildcards in the Token value, which allows attacker to     retrieve valid Token(s), generated by users which already requested new passwords. This issue affects:
    ((OTRS)) Community Edition 5.0.41 and prior versions, 6.0.26 and prior versions. OTRS: 7.0.15 and prior     versions. (CVE-2020-1772)

  - An attacker with the ability to generate session IDs or password reset tokens, either by being able to     authenticate or by exploiting OSA-2020-09, may be able to predict other users session IDs, password reset     tokens and automatically generated passwords. This issue affects ((OTRS)) Community Edition: 5.0.41 and     prior versions, 6.0.26 and prior versions. OTRS; 7.0.15 and prior versions. (CVE-2020-1773)

  - When user downloads PGP or S/MIME keys/certificates, exported file has same name for private and public     keys. Therefore it's possible to mix them and to send private key to the third-party instead of public     key. This issue affects ((OTRS)) Community Edition: 5.0.42 and prior versions, 6.0.27 and prior versions.
    OTRS: 7.0.16 and prior versions. (CVE-2020-1774)

  - When an agent user is renamed or set to invalid the session belonging to the user is keept active. The     session can not be used to access ticket data in the case the agent is invalid. This issue affects     ((OTRS)) Community Edition: 6.0.28 and prior versions. OTRS: 7.0.18 and prior versions, 8.0.4. and prior     versions. (CVE-2020-1776)

  - The jQuery Validation Plugin provides drop-in validation for your existing forms. It is published as an     npm package jquery-validation. jquery-validation before version 1.19.3 contains one or more regular     expressions that are vulnerable to ReDoS (Regular Expression Denial of Service). This is fixed in 1.19.3.
    (CVE-2021-21252)

  - DoS attack can be performed when an email contains specially designed URL in the body. It can lead to the     high CPU usage and cause low quality of service, or in extreme case bring the system to a halt. This issue     affects: OTRS AG ((OTRS)) Community Edition 6.0.x version 6.0.1 and later versions. OTRS AG OTRS 7.0.x     version 7.0.26 and prior versions; 8.0.x version 8.0.13 and prior versions. (CVE-2021-21439)

  - Generated Support Bundles contains private S/MIME and PGP keys if containing folder is not hidden. This     issue affects: OTRS AG ((OTRS)) Community Edition 6.0.x version 6.0.1 and later versions. OTRS AG OTRS     7.0.x version 7.0.27 and prior versions; 8.0.x version 8.0.14 and prior versions. (CVE-2021-21440)

  - There is a XSS vulnerability in the ticket overview screens. It's possible to collect various information     by having an e-mail shown in the overview screen. Attack can be performed by sending specially crafted     e-mail to the system and it doesn't require any user intraction. This issue affects: OTRS AG ((OTRS))     Community Edition 6.0.x version 6.0.1 and later versions. OTRS AG OTRS 7.0.x version 7.0.26 and prior     versions. (CVE-2021-21441)

  - Agents are able to list customer user emails without required permissions in the bulk action screen. This     issue affects: OTRS AG ((OTRS)) Community Edition: 6.0.x version 6.0.1 and later versions. OTRS AG OTRS:
    7.0.x versions prior to 7.0.27. (CVE-2021-21443)

  - Agents are able to list appointments in the calendars without required permissions. This issue affects:
    OTRS AG ((OTRS)) Community Edition: 6.0.x version 6.0.1 and later versions. OTRS AG OTRS: 7.0.x versions     prior to 7.0.27. (CVE-2021-36091)

  - Specially crafted string in OTRS system configuration can allow the execution of any system command.
    (CVE-2021-36100)

  - jQuery-UI is the official jQuery user interface library. Prior to version 1.13.0, accepting the value of     the `altField` option of the Datepicker widget from untrusted sources may execute untrusted code. The     issue is fixed in jQuery UI 1.13.0. Any string value passed to the `altField` option is now treated as a     CSS selector. A workaround is to not accept the value of the `altField` option from untrusted sources.
    (CVE-2021-41182)

  - jQuery-UI is the official jQuery user interface library. Prior to version 1.13.0, accepting the value of     various `*Text` options of the Datepicker widget from untrusted sources may execute untrusted code. The     issue is fixed in jQuery UI 1.13.0. The values passed to various `*Text` options are now always treated as     pure text, not HTML. A workaround is to not accept the value of the `*Text` options from untrusted     sources. (CVE-2021-41183)

  - jQuery-UI is the official jQuery user interface library. Prior to version 1.13.0, accepting the value of     the `of` option of the `.position()` util from untrusted sources may execute untrusted code. The issue is     fixed in jQuery UI 1.13.0. Any string value passed to the `of` option is now treated as a CSS selector. A     workaround is to not accept the value of the `of` option from untrusted sources. (CVE-2021-41184)

  - Improper Input Validation vulnerability in OTRS AG OTRS, OTRS AG ((OTRS)) Community Edition allows SQL     Injection via TicketSearch Webservice This issue affects OTRS: from 7.0.1 before 7.0.40 Patch 1, from     8.0.1 before 8.0.28 Patch 1; ((OTRS)) Community Edition: from 6.0.1 through 6.0.34. (CVE-2022-4427)

  - Improper Input Validation vulnerability in the ContentType parameter for attachments on TicketCreate or     TicketUpdate operations of the OTRS Generic Interface modules allows any authenticated attacker to to     perform an host header injection for the ContentType header of the attachment. This issue affects OTRS:
    from 7.0.X before 7.0.45, from 8.0.X before 8.0.35; ((OTRS)) Community Edition: from 6.0.1 through 6.0.34.
    (CVE-2023-38060)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The version of Oracle Business Intelligence Enterprise Edition (OAS) 6.4.0.0.0 and 7.0.0.0 installed on the remote host are affected by a vulnerability as referenced in the July 2023 CPU advisory. 

  - Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Analytics     (component: Analytics Server (Apache Hive)). Supported versions that are affected are 6.4.0.0.0,     7.0.0.0.0 and 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network     access via HTTP to compromise Oracle Business Intelligence Enterprise Edition. Successful attacks of     this vulnerability can result in unauthorized creation, deletion or modification access to critical data     or all Oracle Business Intelligence Enterprise Edition accessible data as well as unauthorized access to     critical data or complete access to all Oracle Business Intelligence Enterprise Edition accessible data.
    (CVE-2018-1282)

  - Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Analytics     (component: Visual Analyzer (jackson-databind)). Supported versions that are affected are 6.4.0.0.0 and     7.0.0.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP     to compromise Oracle Business Intelligence Enterprise Edition. Successful attacks of this vulnerability     can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of     Oracle Business Intelligence Enterprise Edition. (CVE-2022-33980)

  - Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Analytics     (component: Visual Analyzer (CKEditor)). Supported versions that are affected are 6.4.0.0.0 and     7.0.0.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP     to compromise Oracle Business Intelligence Enterprise Edition. Successful attacks require human     interaction from a person other than the attacker and while the vulnerability is in Oracle Business     Intelligence Enterprise Edition, attacks may significantly impact additional products (scope change).     Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to     some of Oracle Business Intelligence Enterprise Edition accessible data as well as unauthorized read     access to a subset of Oracle Business Intelligence Enterprise Edition accessible data. (CVE-2023-28439)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The version of Oracle Business Process Management Suite installed on the remote host is affected by multiple vulnerabilities, as referenced in the July 2023 CPU advisory, including:

  - Vulnerability in the Oracle Business Process Management Suite product of Oracle Fusion Middleware     (component: Runtime Engine (Apache Xerces2 Java)). The supported version that is affected is     12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via     HTTP to compromise Oracle Business Process Management Suite. Successful attacks require human interaction     from a person other than the attacker. Successful attacks of this vulnerability can result in     unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Business     Process Management Suite. (CVE-2022-23437)

  - Vulnerability in the Oracle Business Process Management Suite product of Oracle Fusion Middleware     (component: BPM Studio (jQueryUI)). The supported version that is affected is 12.2.1.4.0. Easily     exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise     Oracle Business Process Management Suite. Successful attacks require human interaction from a person     other than the attacker and while the vulnerability is in Oracle Business Process Management Suite,     attacks may significantly impact additional products (scope change). Successful attacks of this     vulnerability can result in unauthorized update, insert or delete access to some of Oracle Business     Process Management Suite accessible data as well as unauthorized read access to a subset of Oracle     Business Process Management Suite accessible data. (CVE-2021-41184)

  - Vulnerability in the Oracle Business Process Management Suite product of Oracle Fusion Middleware     (component: Installer (Apache Ant)). The supported version that is affected is 12.2.1.4.0. Easily     exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where Oracle     Business Process Management Suite executes to compromise Oracle Business Process Management Suite.
    Successful attacks require human interaction from a person other than the attacker. Successful attacks of     this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash     (complete DOS) of Oracle Business Process Management Suite. (CVE-2021-36374)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The versions of Oracle Business Intelligence Enterprise Edition (OBIEE) (OAS) installed on the remote host are affected by multiple vulnerabilities as referenced in the April 2023 CPU advisory.

  - Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Analytics     (component: Analytics Server (Apache Commons BeanUtils)). The supported version that is affected is     6.4.0.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP     to compromise Oracle Business Intelligence Enterprise Edition. Successful attacks of this vulnerability     can result in unauthorized update, insert or delete access to some of Oracle Business Intelligence     Enterprise Edition accessible data as well as unauthorized read access to a subset of Oracle Business     Intelligence Enterprise Edition accessible data and unauthorized ability to cause a partial denial of     service (partial DOS) of Oracle Business Intelligence Enterprise Edition. (CVE-2019-10086)

  - Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Analytics     (component: Analytics Server (zlib)). The supported version that is affected is 6.4.0.0.0. Easily     exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise     Oracle Business Intelligence Enterprise Edition. Successful attacks of this vulnerability can result in     takeover of Oracle Business Intelligence Enterprise Edition. (CVE-2022-37434)

  - Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Analytics     (component: BI Application Archive (Apache Commons Text)). The supported version that is affected is     6.4.0.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP     to compromise Oracle Business Intelligence Enterprise Edition. Successful attacks of this vulnerability     can result in takeover of Oracle Business Intelligence Enterprise Edition. (CVE-2022-42889)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Fedora 36 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2022-9d655503ea advisory.

  - Cross-site scripting (XSS) vulnerability in jquery.ui.dialog.js in the Dialog widget in jQuery UI before     1.10.0 allows remote attackers to inject arbitrary web script or HTML via the title option.
    (CVE-2010-5312)

  - Cross-site scripting (XSS) vulnerability in jQuery UI before 1.12.0 might allow remote attackers to inject     arbitrary web script or HTML via the closeText parameter of the dialog function. (CVE-2016-7103)

  - jQuery-UI is the official jQuery user interface library. Prior to version 1.13.0, accepting the value of     the `altField` option of the Datepicker widget from untrusted sources may execute untrusted code. The     issue is fixed in jQuery UI 1.13.0. Any string value passed to the `altField` option is now treated as a     CSS selector. A workaround is to not accept the value of the `altField` option from untrusted sources.
    (CVE-2021-41182)

  - jQuery-UI is the official jQuery user interface library. Prior to version 1.13.0, accepting the value of     various `*Text` options of the Datepicker widget from untrusted sources may execute untrusted code. The     issue is fixed in jQuery UI 1.13.0. The values passed to various `*Text` options are now always treated as     pure text, not HTML. A workaround is to not accept the value of the `*Text` options from untrusted     sources. (CVE-2021-41183)

  - jQuery-UI is the official jQuery user interface library. Prior to version 1.13.0, accepting the value of     the `of` option of the `.position()` util from untrusted sources may execute untrusted code. The issue is     fixed in jQuery UI 1.13.0. Any string value passed to the `of` option is now treated as a CSS selector. A     workaround is to not accept the value of the `of` option from untrusted sources. (CVE-2021-41184)

  - Drupal core's form API has a vulnerability where certain contributed or custom modules' forms may be     vulnerable to improper input validation. This could allow an attacker to inject disallowed values or     overwrite data. Affected forms are uncommon, but in certain cases an attacker could alter critical or     sensitive data. (CVE-2022-25271)

  - In some situations, the Image module does not correctly check access to image files not stored in the     standard public files directory when generating derivative images using the image styles system. Access to     a non-public file is checked only if it is stored in the private file system. However, some contributed     modules provide additional file systems, or schemes, which may lead to this vulnerability. This     vulnerability is mitigated by the fact that it only applies when the site sets (Drupal 9)     $config['image.settings']['allow_insecure_derivatives'] or (Drupal 7)     $conf['image_allow_insecure_derivatives'] to TRUE. The recommended and default setting is FALSE, and     Drupal core does not provide a way to change that in the admin UI. Some sites may require configuration     changes following this security release. Review the release notes for your Drupal version if you have     issues accessing files or image styles after updating. (CVE-2022-25275)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Fedora 35 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2022-bf18450366 advisory.

  - Cross-site scripting (XSS) vulnerability in jquery.ui.dialog.js in the Dialog widget in jQuery UI before     1.10.0 allows remote attackers to inject arbitrary web script or HTML via the title option.
    (CVE-2010-5312)

  - Cross-site scripting (XSS) vulnerability in jQuery UI before 1.12.0 might allow remote attackers to inject     arbitrary web script or HTML via the closeText parameter of the dialog function. (CVE-2016-7103)

  - jQuery-UI is the official jQuery user interface library. Prior to version 1.13.0, accepting the value of     the `altField` option of the Datepicker widget from untrusted sources may execute untrusted code. The     issue is fixed in jQuery UI 1.13.0. Any string value passed to the `altField` option is now treated as a     CSS selector. A workaround is to not accept the value of the `altField` option from untrusted sources.
    (CVE-2021-41182)

  - jQuery-UI is the official jQuery user interface library. Prior to version 1.13.0, accepting the value of     various `*Text` options of the Datepicker widget from untrusted sources may execute untrusted code. The     issue is fixed in jQuery UI 1.13.0. The values passed to various `*Text` options are now always treated as     pure text, not HTML. A workaround is to not accept the value of the `*Text` options from untrusted     sources. (CVE-2021-41183)

  - jQuery-UI is the official jQuery user interface library. Prior to version 1.13.0, accepting the value of     the `of` option of the `.position()` util from untrusted sources may execute untrusted code. The issue is     fixed in jQuery UI 1.13.0. Any string value passed to the `of` option is now treated as a CSS selector. A     workaround is to not accept the value of the `of` option from untrusted sources. (CVE-2021-41184)

  - Drupal core's form API has a vulnerability where certain contributed or custom modules' forms may be     vulnerable to improper input validation. This could allow an attacker to inject disallowed values or     overwrite data. Affected forms are uncommon, but in certain cases an attacker could alter critical or     sensitive data. (CVE-2022-25271)

  - In some situations, the Image module does not correctly check access to image files not stored in the     standard public files directory when generating derivative images using the image styles system. Access to     a non-public file is checked only if it is stored in the private file system. However, some contributed     modules provide additional file systems, or schemes, which may lead to this vulnerability. This     vulnerability is mitigated by the fact that it only applies when the site sets (Drupal 9)     $config['image.settings']['allow_insecure_derivatives'] or (Drupal 7)     $conf['image_allow_insecure_derivatives'] to TRUE. The recommended and default setting is FALSE, and     Drupal core does not provide a way to change that in the admin UI. Some sites may require configuration     changes following this security release. Review the release notes for your Drupal version if you have     issues accessing files or image styles after updating. (CVE-2022-25275)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Debian 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-3230 advisory.

  - jQuery-UI is the official jQuery user interface library. Prior to version 1.13.0, accepting the value of     the `altField` option of the Datepicker widget from untrusted sources may execute untrusted code. The     issue is fixed in jQuery UI 1.13.0. Any string value passed to the `altField` option is now treated as a     CSS selector. A workaround is to not accept the value of the `altField` option from untrusted sources.
    (CVE-2021-41182)

  - jQuery-UI is the official jQuery user interface library. Prior to version 1.13.0, accepting the value of     various `*Text` options of the Datepicker widget from untrusted sources may execute untrusted code. The     issue is fixed in jQuery UI 1.13.0. The values passed to various `*Text` options are now always treated as     pure text, not HTML. A workaround is to not accept the value of the `*Text` options from untrusted     sources. (CVE-2021-41183)

  - jQuery-UI is the official jQuery user interface library. Prior to version 1.13.0, accepting the value of     the `of` option of the `.position()` util from untrusted sources may execute untrusted code. The issue is     fixed in jQuery UI 1.13.0. Any string value passed to the `of` option is now treated as a CSS selector. A     workaround is to not accept the value of the `of` option from untrusted sources. (CVE-2021-41184)

  - jQuery UI is a curated set of user interface interactions, effects, widgets, and themes built on top of     jQuery. Versions prior to 1.13.2 are potentially vulnerable to cross-site scripting. Initializing a     checkboxradio widget on an input enclosed within a label makes that parent label contents considered as     the input label. Calling `.checkboxradio( refresh )` on such a widget and the initial HTML contained     encoded HTML entities will make them erroneously get decoded. This can lead to potentially executing     JavaScript code. The bug has been patched in jQuery UI 1.13.2. To remediate the issue, someone who can     change the initial HTML can wrap all the non-input contents of the `label` in a `span`. (CVE-2022-31160)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The version of Dell Wyse Management Suite installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the DSA-2022-143 advisory.

  - jQuery-UI is the official jQuery user interface library. Prior to version 1.13.0, accepting the value of     the 'of' option of the '.position()' util from untrusted sources may execute untrusted code. The issue is     fixed in jQuery UI 1.13.0. Any string value passed to the 'of' option is now treated as a CSS selector. A     workaround is to not accept the value of the 'of' option from untrusted sources. (CVE-2021-41184)

  - Dell Wyse Management Suite 3.6.1 and below contains a Reflected Cross-Site Scripting Vulnerability in     saveGroupConfigurations page. An authenticated attacker could potentially exploit this vulnerability,     leading to the execution of malicious HTML or JavaScript code in a victim user's web browser in the     context of the vulnerable web application. Exploitation may lead to information disclosure, session theft,     or client-side request forgery. (CVE-2022-29096)

  - Dell WMS 3.6.1 and below contains a Path Traversal vulnerability in Device API. A remote attacker could     potentially exploit this vulnerability, to gain unauthorized read access to the files stored on the server     filesystem, with the privileges of the running web application. (CVE-2022-29097)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

According to its self-reported version, the Tenable Nessus application running on the remote host is 10.x prior to 10.4.0. It is, therefore, affected by multiple vulnerabilities, including:

  - An authenticated attacker could utilize the identical agent and cluster node linking keys to potentially allow for a     scenario where unauthorized disclosure of agent logs and data is present. (CVE-2022-3499)   
  - An authenticated attacker could modify the client-side behavior to bypass the protection mechanisms resulting in     potentially unexpected interactions between the client and server. (CVE-2022-3498)

  - Cross-site scripting in the checkboxradio widget in JQuery UI. (CVE-2022-31160)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version   number.

The 12.1.0.2, 19c, 21c, All Supported Versions, and None versions of Oracle Database Server installed on the remote host are affected by multiple vulnerabilities as referenced in the July 2022 CPU advisory.

  - Vulnerability in the Oracle Database - Enterprise Edition Sharding component of Oracle Database Server.
    For supported versions that are affected see note. Easily exploitable vulnerability allows low privileged     attacker having Local Logon privilege with logon to the infrastructure where Oracle Database - Enterprise     Edition Sharding executes to compromise Oracle Database - Enterprise Edition Sharding. While the     vulnerability is in Oracle Database - Enterprise Edition Sharding, attacks may significantly impact     additional products (scope change). Successful attacks of this vulnerability can result in takeover of     Oracle Database - Enterprise Edition Sharding. (CVE-2022-21510)

  - Vulnerability in the Oracle Database - Enterprise Edition Recovery component of Oracle Database Server. For     supported versions that are affected see note. Easily exploitable vulnerability allows high privileged     attacker having EXECUTE ON DBMS_IR.EXECUTESQLSCRIPT privilege with network access via Oracle Net to compromise Oracle     Database - Enterprise Edition Recovery. Successful attacks of this vulnerability can result in takeover of     Oracle Database - Enterprise Edition Recovery. Note: None of the supported versions are affected. (CVE-2022-21511)

  - Vulnerability in the Java VM component of Oracle Database Server. Supported versions that are affected are     12.1.0.2, 19c and 21c. Easily exploitable vulnerability allows low privileged attacker having Create Procedure     privilege with network access via Oracle Net to compromise Java VM. Successful attacks of this vulnerability     can result in unauthorized creation, deletion or modification access to critical data or all Java VM accessible     data. (CVE-2022-21565)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2022:4711 advisory.

  - nodejs-trim-off-newlines: ReDoS via string processing (CVE-2021-23425)

  - nodejs-normalize-url: ReDoS for data URLs (CVE-2021-33502)

  - nodejs-ansi-regex: Regular expression denial of service (ReDoS) matching ANSI escape codes (CVE-2021-3807)

  - jquery-ui: XSS in the altField option of the datepicker widget (CVE-2021-41182)

  - jquery-ui: XSS in *Text options of the datepicker widget (CVE-2021-41183)

  - jquery-ui: XSS in the 'of' option of the .position() util (CVE-2021-41184)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

According to its self-reported version, the Tenable Nessus application running on the remote host is 10.x prior to 10.2.0. It is, therefore, affected by multiple vulnerabilities in third-party libraries, including:

  - An integer overflow in storeRawNames in Expat (aka libexpat) before 2.4.5. (CVE-2022-25315)

  - Expat (aka libexpat) before 2.4.4 has an integer overflow in the doProlog function. (CVE-2022-23990)

  - Expat (aka libexpat) before 2.4.4 has a signed integer overflow in XML_GetBuffer, for configurations with a nonzero XML_CONTEXT_BYTES. (CVE-2022-23852)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version   number.

The version of Nessus Network Monitor (NNM) installed on the remote host is prior to 6.0.1. It is, therefore, affected by multiple vulnerabilities in third-party software.

  Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported   version number.

According to its self-reported version, the Tenable SecurityCenter application installed on the remote host is less than 5.21.0 and is therefore affected by multiple vulnerabilities:

    - A command injection vulnerability exists in Composer. An unauthenticated, remote attacker can exploit this       to execute arbitrary commands by installing untrusted dependencies. (CVE-2021-41116)     
    - A code injection vulnerability exists in Composer. An unauthenticated, remote attacker can exploit this       to execute arbitrary commands by controlling the $file or $identifier argument. (CVE-2022-24828)     
    - Read/write beyond bounds - Out-of-bounds Write vulnerability in mod_sed of Apache HTTP Server allows an attacker to       overwrite heap memory with possibly attacker provided data. This issue affects Apache HTTP Server 2.4 version       2.4.52 and prior versions. (CVE-2022-23943)   Note that successful exploitation of the most serious issues can result in arbitrary code execution.

The version of Oracle WebLogic Server installed on the remote host is missing a security patch from the April 2020 Critical Patch Update (CPU). It is, therefore, affected by multiple vulnerabilities:

  - A temp directory creation vulnerability in the bundled Guava component that allows a low privileged attacker     with logon access to the infrastructure where Oracle WebLogic Server executes to gain read access to a subset of     data accessible to Oracle WebLogic Server. (CVE-2020-8908)

  - An improper input validation flaw in the bundled JBoss Enterprise Application Platform that allows an     unauthenticated attacker with network access via HTTP update, insert or delete access to a subset of data     accessible to Oracle WebLogic Server. (CVE-2021-28170)

  - A cross-site scripting vulnerability in the bundled JQuery component that allows an unauthenticated attacker with     network access via HTTP, with human interaction from another user, update, insert, delete and read access to a     subset of data accessible to Oracle WebLogic Server. (CVE-2021-41184)

  - A denial of service vulnerability in the core component of Oracle WebLogic Server that allows an unauthenticated     attacker with network access via T3/IIOP to cause a hang or frequently repeatable crash of the Oracle WebLogic     Server. (CVE-2022-21441)

  - A vulnerability in the console component of Oracle WebLogic Server that allows an unauthenticated attacker with     network access via HTTP, with human interaction from another user, update, insert, delete and read access to a     subset of the data accessible to Oracle WebLogic Server. (CVE-2022-21453)

  - A SQL injection vulnerability in the bundled Log4J component that allows an unauthenticated attacker with     network access via HTTP to execute arbitrary code on the Oracle WebLogic Server. (CVE-2022-23305)

  - An XML injection vulnerability in the bundled Apache Xerces Java component that allows an unauthenticated attacker     with network access via HTTP, with human interaction from another user, to cause a hang or frequently repeatable     crash of Oracle WebLogic Server. (CVE-2022-23437)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The version of Primavera Unifier installed on the remote host is affected by multiple vulnerabilities as referenced in the April 2022 CPU advisory.

  - Vulnerability in the Primavera Unifier product of Oracle Construction and Engineering (component: Platform     (dojo)). Supported versions that are affected are 17.7-17.12, 18.8, 19.12, 20.12 and 21.12. Easily     exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise     Primavera Unifier. Successful attacks of this vulnerability can result in unauthorized ability to cause a     hang or frequently repeatable crash (complete DOS) of Primavera Unifier as well as unauthorized update,     insert or delete access to some of Primavera Unifier accessible data and unauthorized read access to a     subset of Primavera Unifier accessible data. (CVE-2021-23450)

  - Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Console,     Samples (jQueryUI)). Supported versions that are affected are 12.2.1.3.0, 12.2.1.4.0 and 14.1.1.0.0.
    Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to     compromise Oracle WebLogic Server. Successful attacks require human interaction from a person other than     the attacker and while the vulnerability is in Oracle WebLogic Server, attacks may significantly impact     additional products (scope change). Successful attacks of this vulnerability can result in unauthorized     update, insert or delete access to some of Oracle WebLogic Server accessible data as well as unauthorized     read access to a subset of Oracle WebLogic Server accessible data. (CVE-2021-41184)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The version of MySQL Enterprise Monitor installed on the remote host are affected by multiple vulnerabilities as referenced in the April 2022 CPU advisory.

  - Vulnerability in the MySQL Enterprise Monitor product of Oracle MySQL (component: Monitoring: General     (Apache Log4j)). Supported versions that are affected are 8.0.29 and prior. Easily exploitable     vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise     MySQL Enterprise Monitor. Successful attacks of this vulnerability can result in takeover of MySQL     Enterprise Monitor. (CVE-2022-23305)

  - Vulnerability in the MySQL Enterprise Monitor product of Oracle MySQL (component: Monitoring: General     (Spring Framework)). Supported versions that are affected are 8.0.29 and prior. Easily exploitable     vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise     MySQL Enterprise Monitor. Successful attacks of this vulnerability can result in takeover of MySQL     Enterprise Monitor. (CVE-2022-22965)

  - Vulnerability in the MySQL Enterprise Monitor product of Oracle MySQL (component: Monitoring: General     (Apache Tomcat)). Supported versions that are affected are 8.0.29 and prior. Easily exploitable     vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise     MySQL Enterprise Monitor. Successful attacks of this vulnerability can result in unauthorized ability to     cause a hang or frequently repeatable crash (complete DOS) of MySQL Enterprise Monitor. (CVE-2021-42340)

  - Vulnerability in the MySQL Enterprise Monitor product of Oracle MySQL (component: Monitoring: General     (Spring Framework)). Supported versions that are affected are 8.0.29 and prior. The patterns for     disallowedFields on a DataBinder are case sensitive which means a field is not effectively protected unless it is     listed with both upper and lower case for the first character of the field, including upper and lower case for the      first character of all nested fields within the property path. (CVE-2022-22968)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

According to its self-reported version, the instance of Drupal running on the remote web server is 7.x prior to 7.86, 9.2.x prior to 9.2.11, or 9.3.x prior to 9.3.3. It is, therefore, affected by multiple vulnerabilities.

  - Cross-site scripting (XSS) vulnerability in jquery.ui.dialog.js in the Dialog widget in jQuery UI before     1.10.0 allows remote attackers to inject arbitrary web script or HTML via the title option.
    (CVE-2010-5312)

  - Cross-site scripting (XSS) vulnerability in jQuery UI before 1.12.0 might allow remote attackers to inject     arbitrary web script or HTML via the closeText parameter of the dialog function. (CVE-2016-7103)

  - jQuery-UI is the official jQuery user interface library. Prior to version 1.13.0, accepting the value of     the `altField` option of the Datepicker widget from untrusted sources may execute untrusted code. The     issue is fixed in jQuery UI 1.13.0. Any string value passed to the `altField` option is now treated as a     CSS selector. A workaround is to not accept the value of the `altField` option from untrusted sources.
    (CVE-2021-41182)

  - jQuery-UI is the official jQuery user interface library. Prior to version 1.13.0, accepting the value of     various `*Text` options of the Datepicker widget from untrusted sources may execute untrusted code. The     issue is fixed in jQuery UI 1.13.0. The values passed to various `*Text` options are now always treated as     pure text, not HTML. A workaround is to not accept the value of the `*Text` options from untrusted     sources. (CVE-2021-41183)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The version of JQuery UI library hosted on the remote web server is prior to 1.13.0. It is, therefore, affected by multiple cross-site scripting vulnerabilities:

  - Accepting the value of the 'altField' option of the Datepicker widget from untrusted sources may execute untrusted     code. (CVE-2021-41182)

  - Accepting the value of various '*Text' options of the Datepicker widget from untrusted sources may execute     untrusted code. (CVE-2021-41183)

  - Accepting the value of the 'of' option of the '.position()' util from untrusted sources may execute untrusted     code. (CVE-2021-41184)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

According to its self-reported version number, jQuery UI is prior to 1.13.0. It is, therefore, affected by multiple vulnerabilities:

 - A Cross-Site Scripting (XSS) in the altField option of the Datepicker widget (CVE-2021-41182)

 - A Cross-Site Scripting (XSS) in *Text options of the Datepicker widget (CVE-2021-41183)

 - A Cross-Site Scripting (XSS) in the of option of the .position() util (CVE-2021-41184)

Note that the scanner has not tested for these issues but has instead relied only on the application's self-reported version number.

ID	Name	Product	Family	Severity
183120	Ubuntu 18.04 ESM / 20.04 ESM / 22.04 ESM : jQuery UI vulnerability (USN-5181-1)	Nessus	Ubuntu Local Security Checks	medium
182583	Ubuntu 16.04 ESM / 18.04 ESM / 20.04 LTS : jQuery UI vulnerabilities (USN-6419-1)	Nessus	Ubuntu Local Security Checks	medium
180524	Debian DLA-3551-1 : otrs2 - LTS security update	Nessus	Debian Local Security Checks	critical
178710	Oracle Business Intelligence Enterprise Edition (OAS) (July 2023 CPU)	Nessus	Misc.	critical
178625	Oracle Business Process Management Suite (Jul 2023 CPU)	Nessus	Misc.	medium
174743	Oracle Business Intelligence Enterprise Edition (OAS) (Apr 2023 CPU)	Nessus	Misc.	critical
169174	Fedora 36 : drupal7 (2022-9d655503ea)	Nessus	Fedora Local Security Checks	high
169112	Fedora 35 : drupal7 (2022-bf18450366)	Nessus	Fedora Local Security Checks	high
168485	Debian DLA-3230-1 : jqueryui - LTS security update	Nessus	Debian Local Security Checks	medium
166752	Dell Wyse Management Suite < 3.7 Multiple Vulnerabilities (DSA-2022-143)	Nessus	Windows	medium
166670	Tenable Nessus 10.x < 10.4.0 Multiple Vulnerabilities (TNS-2022-21)	Nessus	Misc.	medium
163408	Oracle Oracle Database Server (Jul 2022 CPU)	Nessus	Databases	critical
161619	RHEL 8 : RHV Manager (ovirt-engine) [ovirt-4.5.0] (RHSA-2022:4711)	Nessus	Red Hat Local Security Checks	medium
161616	Tenable Nessus 10.x < 10.2.0 Third-Party Vulnerabilities (TNS-2022-11)	Nessus	Misc.	critical
161211	Nessus Network Monitor < 6.0.1 Multiple Vulnerabilities (TNS-2022-10)	Nessus	Misc.	critical
160883	Tenable SecurityCenter < 5.21.0 Multiple Vulnerabilities (TNS-2022-09)	Nessus	Misc.	critical
160036	Oracle WebLogic Server (Apr 2022 CPU)	Nessus	Misc.	critical
159919	Oracle Primavera Unifier (Apr 2022 CPU)	Nessus	CGI abuses	critical
159917	Oracle MySQL Enterprise Monitor (Apr 2022 CPU)	Nessus	CGI abuses	critical
156863	Drupal 7.x < 7.86 / 9.2.x < 9.2.11 / 9.3.x < 9.3.3 Multiple Vulnerabilities (drupal-2022-01-19)	Nessus	CGI abuses	medium
156443	JQuery UI < 1.13.0 Multiple XSS	Nessus	CGI abuses	medium
113042	jQuery UI < 1.13.0 Multiple Vulnerabilities	Web App Scanning	Component Vulnerability	medium

Detections

Analytics

CVE-2021-41184

medium

Tenable Plugins

medium

medium

critical

critical

medium

critical

high

high

medium

medium

medium

critical

medium

critical

critical

critical

critical

critical

critical

medium

medium

medium