CKEditor4 is an open source what-you-see-is-what-you-get HTML editor. CKEditor4 prior to version 4.18.0 contains a vulnerability in the `dialog` plugin. The vulnerability allows abuse of a dialog input validator regular expression, which can cause a significant performance drop resulting in a browser tab freeze. A patch is available in version 4.18.0. There are currently no known workarounds.

The version of IBM Engineering Requirements Management DOORS (formerly IBM Rational DOORS) installed on the remote host is 9.7.2.x prior to 9.7.2.8. It is, therefore, affected by multiple vulnerabilities as referenced in the 7124058 advisory.

  - Apache Shiro before 1.9.1, A RegexRequestMatcher can be misconfigured to be bypassed on some servlet     containers. Applications using RegExPatternMatcher with `.` in the regular expression are possibly     vulnerable to an authorization bypass. (CVE-2022-32532)

  - The Java OpenWire protocol marshaller is vulnerable to Remote Code Execution. This vulnerability may allow     a remote attacker with network access to either a Java-based OpenWire broker or client to run arbitrary     shell commands by manipulating serialized class types in the OpenWire protocol to cause either the client     or the broker (respectively) to instantiate any class on the classpath. Users are recommended to upgrade     both brokers and clients to version 5.15.16, 5.16.7, 5.17.6, or 5.18.3 which fixes this issue.
    (CVE-2023-46604)

  - Scala 2.13.x before 2.13.9 has a Java deserialization chain in its JAR file. On its own, it cannot be     exploited. There is only a risk in conjunction with Java object deserialization within an application. In     such situations, it allows attackers to erase contents of arbitrary files, make network connections, or     possibly run arbitrary code (specifically, Function0 functions) via a gadget chain. (CVE-2022-36944)

  - IBM Engineering Requirements Management DOORS 9.7.2.7 is vulnerable to cross-site request forgery which     could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the     website trusts. IBM X-Force ID: 251216. (CVE-2023-28949)

  - A cross-site scripting (XSS) vulnerability in the HTML Data Processor for CKEditor 4.0 before 4.14 allows     remote attackers to inject arbitrary web script through a crafted protected comment (with the     cke_protected syntax). (CVE-2020-9281)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The version of IBM Cognos Analytics installed on the remote host is 11.1.x prior to 11.1.7 Fix Pack 7 or 11.2.x prior to 11.2.4 FP1. It is, therefore, affected by multiple vulnerabilities, including the following:

  - GNOME libxml2 could allow a remote attacker to execute arbitrary code on the system, caused by a use-after-free     flaw in the xmlXIncludeDoProcess() function in xinclude.c. By sending a specially-crafted file, an attacker could     exploit this vulnerability to execute arbitrary code on the system. (CVE-2021-3518)

  - Node.js could allow a local attacker to gain elevated privileges on the system, caused by the DLL search order     hijacking of providers.dll. By placing a specially crafted file, an attacker could exploit this vulnerability     to escalate privileges. (CVE-2022-32223)

  - Node.js marked module is vulnerable to a denial of service, caused by a regular expression denial of service     (ReDoS) flaw in inline.reflinkSearch. By sending a specially-crafted regex input, a remote attacker could exploit     this vulnerability to cause a denial of service condition. (CVE-2022-21681)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Fedora 36 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2022-b61dfd219b advisory.

  - CKEditor4 is an open source WYSIWYG HTML editor. In affected versions a vulnerability has been discovered     in the Advanced Content Filter (ACF) module and may affect all plugins used by CKEditor 4. The     vulnerability allowed to inject malformed HTML bypassing content sanitization, which could result in     executing JavaScript code. It affects all users using the CKEditor 4 at version < 4.17.0. The problem has     been recognized and patched. The fix will be available in version 4.17.0. (CVE-2021-41164)

  - CKEditor4 is an open source WYSIWYG HTML editor. In affected version a vulnerability has been discovered     in the core HTML processing module and may affect all plugins used by CKEditor 4. The vulnerability     allowed to inject malformed comments HTML bypassing content sanitization, which could result in executing     JavaScript code. It affects all users using the CKEditor 4 at version < 4.17.0. The problem has been     recognized and patched. The fix will be available in version 4.17.0. (CVE-2021-41165)

  - CKEditor4 is an open source what-you-see-is-what-you-get HTML editor. A vulnerability has been discovered     in the core HTML processing module and may affect all plugins used by CKEditor 4 prior to version 4.18.0.
    The vulnerability allows someone to inject malformed HTML bypassing content sanitization, which could     result in executing JavaScript code. This problem has been patched in version 4.18.0. There are currently     no known workarounds. (CVE-2022-24728)

  - CKEditor4 is an open source what-you-see-is-what-you-get HTML editor. CKEditor4 prior to version 4.18.0     contains a vulnerability in the `dialog` plugin. The vulnerability allows abuse of a dialog input     validator regular expression, which can cause a significant performance drop resulting in a browser tab     freeze. A patch is available in version 4.18.0. There are currently no known workarounds. (CVE-2022-24729)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The 12.2.1.3.0 and 12.2.1.4.0 versions of WebCenter Sites installed on the remote host are affected by multiple vulnerabilities as referenced in the October 2022 CPU advisory.

  - Vulnerability in the Oracle WebCenter Sites product of Oracle Fusion Middleware (component: Centralized Thirdparty     Jars (dojo)). Supported versions that are affected are 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vulnerability     allows unauthenticated attacker with network access via HTTP to compromise Oracle WebCenter Sites. Successful     attacks of this vulnerability can result in takeover of Oracle WebCenter Sites. (CVE-2021-23450)

  - Vulnerability in the Oracle WebCenter Sites product of Oracle Fusion Middleware (component: WebCenter Sites     (XStream)). Supported versions that are affected are 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vulnerability     allows unauthenticated attacker with network access via HTTP to compromise Oracle WebCenter Sites. Successful     attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash     (complete DOS) of Oracle WebCenter Sites. (CVE-2021-43859)

  - Vulnerability in the Oracle WebCenter Sites product of Oracle Fusion Middleware (component: WebCenter Sites     (CKEditor)). Supported versions that are affected are 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vulnerability     allows unauthenticated attacker with network access via HTTP to compromise Oracle WebCenter Sites. Successful     attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash     (complete DOS) of Oracle WebCenter Sites. (CVE-2022-24729)

  - CVE-2022-32532	Vulnerability in the Oracle WebCenter Sites product of Oracle Fusion Middleware (component:     WebCenter Sites (Apache Shiro)). Supported versions that are affected are 12.2.1.3.0 and 12.2.1.4.0. Easily     exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle     WebCenter Sites. Successful attacks of this vulnerability can result in takeover of Oracle WebCenter Sites.     (CVE-2022-32532)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The versions of Oracle Business Intelligence Enterprise Edition (OAS) installed on the remote host are affected by multiple vulnerabilities as referenced in the October 2022 CPU advisory.

  - Vulnerability in the Oracle WebCenter Sites product of Oracle Fusion Middleware (component: WebCenter     Sites (CKEditor)). Supported versions that are affected are 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable     vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebCenter     Sites. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or     frequently repeatable crash (complete DOS) of Oracle WebCenter Sites. (CVE-2022-24729)

  - Vulnerability in the Oracle Hyperion Infrastructure Technology product of Oracle Hyperion (component:
    Installation and Configuration (Apache Commons Configuration)). The supported version that is affected is     11.2.9. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to     compromise Oracle Hyperion Infrastructure Technology. Successful attacks of this vulnerability can result     in takeover of Oracle Hyperion Infrastructure Technology. (CVE-2022-33980)   
  - Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Fusion Middleware     (component: Analytics Web ADF Integration (Apache Commons Compress)). The supported version that is     affected is 5.9.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access     via HTTP to compromise Oracle Business Intelligence Enterprise Edition. Successful attacks of this     vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete     DOS) of Oracle Business Intelligence Enterprise Edition. (CVE-2021-36090)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The versions of Oracle Business Intelligence Enterprise Edition (OAS) installed on the remote host are affected by multiple vulnerabilities as referenced in the October 2022 CPU advisory.

  - Vulnerability in the Oracle WebCenter Sites product of Oracle Fusion Middleware (component: WebCenter     Sites (CKEditor)). Supported versions that are affected are 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable     vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebCenter     Sites. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or     frequently repeatable crash (complete DOS) of Oracle WebCenter Sites. (CVE-2022-24729)

  - Vulnerability in the Oracle Hyperion Infrastructure Technology product of Oracle Hyperion (component:
    Installation and Configuration (Apache Commons Configuration)). The supported version that is affected is     11.2.9. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to     compromise Oracle Hyperion Infrastructure Technology. Successful attacks of this vulnerability can result     in takeover of Oracle Hyperion Infrastructure Technology. (CVE-2022-33980)

  - jackson-databind before 2.13.0 allows a Java StackOverflow exception and denial of service via a large     depth of nested objects. (CVE-2020-36518)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The version of Oracle WebCenter Portal installed on the remote host is missing a security patch from the Oct 2022 Critical Patch Update (CPU). It is, therefore, affected by multiple vulnerabilites:

  - Vulnerability in the Oracle Communications Convergence product of Oracle Communications Applications (component:     Framework (dojo)). The supported version that is affected is 3.0.3.0. Easily exploitable vulnerability allows     unauthenticated attacker with network access via HTTP to compromise Oracle Communications Convergence. Successful     attacks of this vulnerability can result in takeover of Oracle Communications Convergence. (CVE-2021-23450)

  - Vulnerability in the Oracle WebCenter Portal product of Oracle Fusion Middleware (component: Security Framework     (jackson-databind)). Supported versions that are affected are 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable     vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebCenter Portal.     Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently     repeatable crash (complete DOS) of Oracle WebCenter Portal. (CVE-2020-36518)

  - Vulnerability in the Oracle WebCenter Portal product of Oracle Fusion Middleware (component: Security Framework     (Apache Santuario XML Security For Java)). Supported versions that are affected are 12.2.1.3.0 and 12.2.1.4.0.     Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle     WebCenter Portal. Successful attacks of this vulnerability can result in unauthorized access to critical data or     complete access to all Oracle WebCenter Portal accessible data. (CVE-2021-40690)

Note that Nessus has not attempted to exploit this issue but has instead relied only on the application's self-reported version number.

The 12.1.0.2, 19c, 21c, All Supported Versions, and None versions of Oracle Database Server installed on the remote host are affected by multiple vulnerabilities as referenced in the July 2022 CPU advisory.

  - Vulnerability in the Oracle Database - Enterprise Edition Sharding component of Oracle Database Server.
    For supported versions that are affected see note. Easily exploitable vulnerability allows low privileged     attacker having Local Logon privilege with logon to the infrastructure where Oracle Database - Enterprise     Edition Sharding executes to compromise Oracle Database - Enterprise Edition Sharding. While the     vulnerability is in Oracle Database - Enterprise Edition Sharding, attacks may significantly impact     additional products (scope change). Successful attacks of this vulnerability can result in takeover of     Oracle Database - Enterprise Edition Sharding. (CVE-2022-21510)

  - Vulnerability in the Oracle Database - Enterprise Edition Recovery component of Oracle Database Server. For     supported versions that are affected see note. Easily exploitable vulnerability allows high privileged     attacker having EXECUTE ON DBMS_IR.EXECUTESQLSCRIPT privilege with network access via Oracle Net to compromise Oracle     Database - Enterprise Edition Recovery. Successful attacks of this vulnerability can result in takeover of     Oracle Database - Enterprise Edition Recovery. Note: None of the supported versions are affected. (CVE-2022-21511)

  - Vulnerability in the Java VM component of Oracle Database Server. Supported versions that are affected are     12.1.0.2, 19c and 21c. Easily exploitable vulnerability allows low privileged attacker having Create Procedure     privilege with network access via Oracle Net to compromise Java VM. Successful attacks of this vulnerability     can result in unauthorized creation, deletion or modification access to critical data or all Java VM accessible     data. (CVE-2022-21565)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

According to its self-reported version, the instance of Drupal running on the remote web server is 9.2.x prior to 9.2.15 or 9.3.x prior to 9.3.8. It is, therefore, affected by multiple vulnerabilities due to its usage of a third party component, CKEditor, for WYSIWYG editing:

 - A vulnerability has been discovered in CKEditor 4 HTML processing core module. The vulnerability allowed to inject malformed HTML bypassing content sanitization, which could result in executing JavaScript code. (CVE-2022-24728)

 - A vulnerability has been discovered in CKEditor 4 dialog plugin. The vulnerability allowed to abuse a dialog input validator regular expression, which could cause a significant performance drop resulting in a browser tab freeze. (CVE-2022-24729)

Note that the scanner has not tested for these issues but has instead relied only on the application's self-reported version number.

According to its self-reported version, the instance of Drupal running on the remote web server is 9.2.x prior to 9.2.15 or 9.3.x prior to 9.3.8. It is, therefore, affected by multiple vulnerabilities.

  - CKEditor4 is an open source what-you-see-is-what-you-get HTML editor. CKEditor4 prior to version 4.18.0     contains a vulnerability in the `dialog` plugin. The vulnerability allows abuse of a dialog input     validator regular expression, which can cause a significant performance drop resulting in a browser tab     freeze. A patch is available in version 4.18.0. There are currently no known workarounds. (CVE-2022-24729)

  - CKEditor4 is an open source what-you-see-is-what-you-get HTML editor. A vulnerability has been discovered     in the core HTML processing module and may affect all plugins used by CKEditor 4 prior to version 4.18.0.
    The vulnerability allows someone to inject malformed HTML bypassing content sanitization, which could     result in executing JavaScript code. This problem has been patched in version 4.18.0. There are currently     no known workarounds. (CVE-2022-24728)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

ID	Name	Product	Family	Severity
191754	IBM Engineering Requirements Management DOORS 9.7.2.x < 9.7.2.8 Multiple Vulnerabilities (7124058)	Nessus	Windows	critical
175429	IBM Cognos Analytics Multiple Vulnerabilities (6986505)	Nessus	CGI abuses	critical
169023	Fedora 36 : ckeditor (2022-b61dfd219b)	Nessus	Fedora Local Security Checks	medium
166377	Oracle WebCenter Sites (Oct 2022 CPU)	Nessus	Windows	critical
166337	Oracle Business Intelligence Publisher 5.9.x < 5.9.0(OAS) (Oct 2022 CPU)	Nessus	Misc.	critical
166336	Oracle Business Intelligence Publisher 5.9.x < 5.9.0 (OAS) (Oct 2022 CPU)	Nessus	Misc.	critical
166335	Oracle WebCenter Portal Multiple Vulnerabilities (Oct 2022 CPU)	Nessus	Misc.	critical
163408	Oracle Oracle Database Server (Jul 2022 CPU)	Nessus	Databases	critical
113206	Drupal 9.3.x < 9.3.8 Third-Party Library Vulnerability	Web App Scanning	Component Vulnerability	high
113204	Drupal 9.2.x < 9.2.15 Third-Party Library Vulnerability	Web App Scanning	Component Vulnerability	high
158982	Drupal 9.2.x < 9.2.15 / 9.3.x < 9.3.8 Multiple Vulnerabilities (drupal-2022-03-16)	Nessus	CGI abuses	medium

Detections

Analytics

CVE-2022-24729

high

Tenable Plugins

critical

critical

medium

critical

critical

critical

critical

critical

high

high

medium