In spring framework versions prior to 5.2.24 release+ ,5.3.27+ and 6.0.8+ , it is possible for a user to provide a specially crafted SpEL expression that may cause a denial-of-service (DoS) condition.

The versions of MySQL Enterprise Monitor installed on the remote host are affected by multiple vulnerabilities as referenced in the October 2023 CPU advisory.

  - Vulnerability in the MySQL Enterprise Monitor product of Oracle MySQL (component: Monitoring: General     (Apache Struts)). Supported versions that are affected are 8.0.34 and prior. Easily exploitable     vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise     MySQL Enterprise Monitor. Successful attacks of this vulnerability can result in unauthorized ability to     cause a hang or frequently repeatable crash (complete DOS) of MySQL Enterprise Monitor. (CVE-2023-34396)

  - Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Centralized     Thirdparty Jars (Google Guava)). Supported versions that are affected are 12.2.1.4.0 and 14.1.1.0.0.
    Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where     Oracle WebLogic Server executes to compromise Oracle WebLogic Server. Successful attacks of this     vulnerability can result in unauthorized creation, deletion or modification access to critical data or all     Oracle WebLogic Server accessible data as well as unauthorized access to critical data or complete access     to all Oracle WebLogic Server accessible data. (CVE-2023-2976)

  - Vulnerability in the Oracle SD-WAN Edge product of Oracle Communications (component: Management (Spring     Framework)). The supported version that is affected is 9.1.1.5.0. Easily exploitable vulnerability allows     low privileged attacker with network access via HTTP to compromise Oracle SD-WAN Edge. Successful attacks     of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash     (complete DOS) of Oracle SD-WAN Edge. (CVE-2023-20863)

  - Using ** as a pattern in Spring Security configuration for WebFlux creates a mismatch in pattern     matching between Spring Security and Spring WebFlux, and the potential for a security bypass.
    (CVE-2023-34034)

  - Issue summary: Checking excessively long DH keys or parameters may be very slow. Impact summary:
    Applications that use the functions DH_check(), DH_check_ex() or EVP_PKEY_param_check() to check a DH key     or DH parameters may experience long delays. Where the key or parameters that are being checked have been     obtained from an untrusted source this may lead to a Denial of Service. The function DH_check() performs     various checks on DH parameters. After fixing CVE-2023-3446 it was discovered that a large q parameter     value can also trigger an overly long computation during some of these checks. A correct q value, if     present, cannot be larger than the modulus p parameter, thus it is unnecessary to perform these checks if     q is larger than p. An application that calls DH_check() and supplies a key or parameters obtained from an     untrusted source could be vulnerable to a Denial of Service attack. The function DH_check() is itself     called by a number of other OpenSSL functions. An application calling any of those other functions may     similarly be affected. The other functions affected by this are DH_check_ex() and EVP_PKEY_param_check().
    Also vulnerable are the OpenSSL dhparam and pkeyparam command line applications when using the -check     option. The OpenSSL SSL/TLS implementation is not affected by this issue. The OpenSSL 3.0 and 3.1 FIPS     providers are not affected by this issue. (CVE-2023-3817)

  - URL Redirection to Untrusted Site ('Open Redirect') vulnerability in FORM authentication feature Apache     Tomcat.This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.0-M10, from 10.1.0-M1 through     10.0.12, from 9.0.0-M1 through 9.0.79 and from 8.5.0 through 8.5.92. The vulnerability is limited to the     ROOT (default) web application. (CVE-2023-41080)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The version of Oracle WebLogic Server installed on the remote host is missing a security patch from the July 2023 Critical Patch Update (CPU). It is, therefore, affected by multiple vulnerabilities, including:

  - Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Centralized     Third Party Jars (Jettison)). Supported versions that are affected are 12.2.1.4.0 and 14.1.1.0.0. Easily     exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise     Oracle WebLogic Server. Successful attacks of this vulnerability can result in unauthorized ability to     cause a hang or frequently repeatable crash (complete DOS) of Oracle WebLogic Server. (CVE-2023-1436)

  - Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core).     Supported versions that are affected are 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability     allows high privileged attacker with network access via multiple protocols to compromise Oracle WebLogic     Server. Successful attacks of this vulnerability can result in unauthorized creation, deletion or     modification access to critical data or all Oracle WebLogic Server accessible data and unauthorized     ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle WebLogic Server.     (CVE-2023-22040)

  - Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Centralized     Thirdparty Jars (NekoHTML)). Supported versions that are affected are 12.2.1.4.0 and 14.1.1.0.0. Easily     exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise     Oracle WebLogic Server. Successful attacks of this vulnerability can result in takeover of Oracle     WebLogic Server. (CVE-2023-26119)

  Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The versions of Primavera Gateway installed on the remote host are affected by multiple vulnerabilities as referenced in the July 2023 CPU advisory.

  - Vulnerability in the Primavera Gateway product of Oracle Construction and Engineering (component: Admin     (Apache Commons Net)). Supported versions that are affected are 18.8.0-18.8.15, 19.12.0-19.12.16,     20.12.0-20.12.11 and 21.12.0-21.12.9. Easily exploitable vulnerability allows unauthenticated attacker     with network access via HTTP to compromise Primavera Gateway. Successful attacks require human interaction     from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized     access to critical data or complete access to all Primavera Gateway accessible data. (CVE-2021-37533)

  - Vulnerability in the Primavera Gateway product of Oracle Construction and Engineering (component: Admin     (JSZip)). Supported versions that are affected are 18.8.0-18.8.15, 19.12.0-19.12.16, 20.12.0-20.12.11 and     21.12.0-21.12.9. Easily exploitable vulnerability allows unauthenticated attacker with network access via     HTTP to compromise Primavera Gateway. Successful attacks of this vulnerability can result in unauthorized     update, insert or delete access to some of Primavera Gateway accessible data as well as unauthorized read     access to a subset of Primavera Gateway accessible data and unauthorized ability to cause a partial denial     of service (partial DOS) of Primavera Gateway. (CVE-2022-48285)

  - Vulnerability in the Primavera Gateway product of Oracle Construction and Engineering (component: Admin     (json-smart)). Supported versions that are affected are 18.8.0-18.8.15, 19.12.0-19.12.16, 20.12.0-20.12.11     and 21.12.0-21.12.9. Easily exploitable vulnerability allows unauthenticated attacker with network access     via HTTP to compromise Primavera Gateway. Successful attacks of this vulnerability can result in     unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Primavera Gateway.
    (CVE-2023-1370)

  - Vulnerability in the Primavera Gateway product of Oracle Construction and Engineering (component: Admin     (Spring Framework)). Supported versions that are affected are 18.8.0-18.8.15, 19.12.0-19.12.16,     20.12.0-20.12.11 and 21.12.0-21.12.9. Easily exploitable vulnerability allows low privileged attacker with     network access via HTTP to compromise Primavera Gateway. Successful attacks of this vulnerability can     result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Primavera     Gateway. (CVE-2023-20863)


Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

ID	Name	Product	Family	Severity
183397	Oracle MySQL Enterprise Monitor (October 2023 CPU)	Nessus	CGI abuses	critical
178618	Oracle WebLogic Server (July 2023 CPU)	Nessus	Misc.	critical
178484	Oracle Primavera Gateway (Jul 2023 CPU)	Nessus	CGI abuses	high

Detections

Analytics

CVE-2023-20863

medium

Tenable Plugins

critical

critical

high