When deserializing untrusted or corrupted data, it is possible for a reader to consume memory beyond the allowed constraints and thus lead to out of memory on the system. This issue affects Java applications using Apache Avro Java SDK up to and including 1.11.2. Users should update to apache-avro version 1.11.3 which addresses this issue.

The version of IBM Cognos Analytics installed on the remote host is prior to 11.1.7 FP8, 11.2.4 FP3, or 12.0.2. It is, therefore, affected by multiple vulnerabilities as referenced in the IBM Security Bulletin No. 7123154, including the following:

  - When deserializing untrusted or corrupted data, it is possible for a reader to consume memory beyond the   allowed constraints and thus lead to out of memory on the system. This issue affects Java applications using   Apache Avro Java SDK up to and including 1.11.2. Users should update to apache-avro version 1.11.3 which   addresses this issue. (CVE-2023-39410)

  - In order to decrypt SM2 encrypted data an application is expected to call the API function   EVP_PKEY_decrypt(). Typically an application will call this function twice. The first time, on entry, the   'out' parameter can be NULL and, on exit, the 'outlen' parameter is populated with the buffer size required   to hold the decrypted plaintext. The application can then allocate a sufficiently sized buffer and call   EVP_PKEY_decrypt() again, but this time passing a non-NULL value for the 'out' parameter. A bug in the   implementation of the SM2 decryption code means that the calculation of the buffer size required to hold the   plaintext returned by the first call to EVP_PKEY_decrypt() can be smaller than the actual size required by   the second call. This can lead to a buffer overflow when EVP_PKEY_decrypt() is called by the application a   second time with a buffer that is too small. A malicious attacker who is able present SM2 content for   decryption to an application could cause attacker chosen data to overflow the buffer by up to a maximum of   62 bytes altering the contents of other data held after the buffer, possibly changing application behaviour   or causing the application to crash. The location of the buffer is application dependent but is typically   heap allocated. Fixed in OpenSSL 1.1.1l (Affected 1.1.1-1.1.1k). (CVE-2021-3711)

  - SnakeYaml's Constructor() class does not restrict types which can be instantiated during deserialization.
  Deserializing yaml content provided by an attacker can lead to remote code execution. We recommend using   SnakeYaml's SafeConsturctor when parsing untrusted content to restrict deserialization. We recommend   upgrading to version 2.0 and beyond. (CVE-2022-1471)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The version of Atlassian Confluence Server running on the remote host is affected by a vulnerability as referenced in the CONFSERVER-94108 advisory.

  - This High severity org.apache.avro:avro Dependency vulnerability was introduced in versions 4.1 of     Confluence Data Center and Server. (CVE-2023-39410)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The version of Oracle Business Intelligence Enterprise Edition (OAS) 6.4.0.0.0 installed on the remote host is affected by multiple vulnerabilities as referenced in the January 2024 CPU advisory, including the following:

  - Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Analytics     (component: Analytics Server (Apache Solr)). The supported version that is affected is 6.4.0.0.0.     Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to     compromise Oracle Business Intelligence Enterprise Edition. Successful attacks of this vulnerability can     result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle     Business Intelligence Enterprise Edition. (CVE-2021-33813)

  - Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Analytics     (component: Visual Analyzer (Apache Ivy)). The supported version that is affected is 6.4.0.0.0. Easily     exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise     Oracle Business Intelligence Enterprise Edition. Successful attacks of this vulnerability can result in     unauthorized access to critical data or complete access to all Oracle Business Intelligence Enterprise     Edition accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of     Oracle Business Intelligence Enterprise Edition. (CVE-2022-46751)

  - Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Analytics     (component: Pod Admin). Supported versions that are affected are 6.4.0.0.0 and 12.2.1.4.0. Easily     exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise     Oracle Business Intelligence Enterprise Edition. While the vulnerability is in Oracle Business     Intelligence Enterprise Edition, attacks may significantly impact additional products (scope change).     Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle     Business Intelligence Enterprise Edition accessible data. (CVE-2024-20904)   Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The version of Oracle Business Intelligence Enterprise Edition (OAS) 7.0.0.0 installed on the remote host is affected by multiple vulnerabilities as referenced in the January 2024 CPU advisory, including the following:

  - Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Analytics     (component: Installation (Google Gson)). Supported versions that are affected are 6.4.0.0.0 and     7.0.0.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via     HTTP to compromise Oracle Business Intelligence Enterprise Edition. Successful attacks of this     vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash     (complete DOS) of Oracle Business Intelligence Enterprise Edition. (CVE-2022-25647)

  - Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Analytics     (component: Majel Mobile Service (JSON-java)). Supported versions that are affected are 6.4.0.0.0 and     7.0.0.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP     to compromise Oracle Business Intelligence Enterprise Edition. Successful attacks of this vulnerability     can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of     Oracle Business Intelligence Enterprise Edition. (CVE-2023-5072)

  - Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Analytics     (component: Visual Analyzer (Snappy)). The supported version that is affected is 7.0.0.0.0. Easily     exploitable vulnerability allows unauthenticated attacker with network access via HTTP to     compromise Oracle Business Intelligence Enterprise Edition. Successful attacks of this vulnerability     can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of     Oracle Business Intelligence Enterprise Edition. (CVE-2023-43642)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:7639 advisory.

    Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly     application runtime.

    This release of Red Hat JBoss Enterprise Application Platform 7.4.14 serves as a replacement for Red Hat     JBoss Enterprise Application Platform 7.4.13, and includes bug fixes and enhancements.

    See the Red Hat JBoss Enterprise Application Platform 7.4.14 Release Notes for information about the most     significant bug fixes and enhancements included in this release.

    Security Fix(es):

    * undertow: HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack (Rapid Reset     Attack) (CVE-2023-44487)

    * avro: apache-avro: Apache Avro Java SDK: Memory when deserializing untrusted data in Avro Java SDK     (CVE-2023-39410)

    * guava: insecure temporary directory creation (CVE-2023-2976)

    * eap-galleon: custom provisioning creates unsecured http-invoker (CVE-2023-4503)

    * jetty-server: OutOfMemoryError for large multipart without filename read via request.getParameter()     (CVE-2023-26048)

    * jetty-server: Cookie parsing of quoted values can exfiltrate values from other cookies (CVE-2023-26049)

    * sshd-common: apache-mina-sshd: information exposure in SFTP server implementations (CVE-2023-35887)

    A Red Hat Security Bulletin which addresses further details about the Rapid Reset flaw is available in the     References section.

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:7638 advisory.

    Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly     application runtime.

    This release of Red Hat JBoss Enterprise Application Platform 7.4.14 serves as a replacement for Red Hat     JBoss Enterprise Application Platform 7.4.13, and includes bug fixes and enhancements.

    See the Red Hat JBoss Enterprise Application Platform 7.4.14 Release Notes for information about the most     significant bug fixes and enhancements included in this release.

    Security Fix(es):

    * undertow: HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack (Rapid Reset     Attack) (CVE-2023-44487)

    * avro: apache-avro: Apache Avro Java SDK: Memory when deserializing untrusted data in Avro Java SDK     (CVE-2023-39410)

    * guava: insecure temporary directory creation (CVE-2023-2976)

    * eap-galleon: custom provisioning creates unsecured http-invoker (CVE-2023-4503)

    * jetty-server: OutOfMemoryError for large multipart without filename read via request.getParameter()     (CVE-2023-26048)

    * jetty-server: Cookie parsing of quoted values can exfiltrate values from other cookies (CVE-2023-26049)

    * sshd-common: apache-mina-sshd: information exposure in SFTP server implementations (CVE-2023-35887)

    A Red Hat Security Bulletin which addresses further details about the Rapid Reset flaw is available in the     References section.

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:7637 advisory.

    Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly     application runtime.

    This release of Red Hat JBoss Enterprise Application Platform 7.4.14 serves as a replacement for Red Hat     JBoss Enterprise Application Platform 7.4.13, and includes bug fixes and enhancements.

    See the Red Hat JBoss Enterprise Application Platform 7.4.14 Release Notes for information about the most     significant bug fixes and enhancements included in this release.

    Security Fix(es):

    * undertow: HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack (Rapid Reset     Attack) (CVE-2023-44487)

    * avro: apache-avro: Apache Avro Java SDK: Memory when deserializing untrusted data in Avro Java SDK     (CVE-2023-39410)

    * guava: insecure temporary directory creation (CVE-2023-2976)

    * eap-galleon: custom provisioning creates unsecured http-invoker (CVE-2023-4503)

    * jetty-server: OutOfMemoryError for large multipart without filename read via request.getParameter()     (CVE-2023-26048)

    * jetty-server: Cookie parsing of quoted values can exfiltrate values from other cookies (CVE-2023-26049)

    * sshd-common: apache-mina-sshd: information exposure in SFTP server implementations (CVE-2023-35887)

    A Red Hat Security Bulletin which addresses further details about the Rapid Reset flaw is available in the     References section.

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

ID	Name	Product	Family	Severity
193868	IBM Cognos Analytics 11.1.1 < 11.1.7 FP8 / 11.2.x < 11.2.4 FP3 / 12.0.x < 12.0.2 (7123154)	Nessus	CGI abuses	critical
191555	Atlassian Confluence 4.1.x < 7.19.17 / 8.0.x < 8.5.4 / 8.6.x < 8.6.2 / 8.7.x < 8.7.2 / 8.8.0 (CONFSERVER-94108)	Nessus	CGI abuses	high
189734	Oracle Business Intelligence Enterprise Edition (OAS 6.4) (January 2024 CPU)	Nessus	Misc.	high
189732	Oracle Business Intelligence Enterprise Edition (OAS 7.0) (January 2024 CPU)	Nessus	Misc.	high
186544	RHEL 9 : Red Hat JBoss Enterprise Application Platform 7.4.14 on RHEL 9 (RHSA-2023:7639)	Nessus	Red Hat Local Security Checks	high
186543	RHEL 8 : Red Hat JBoss Enterprise Application Platform 7.4.14 on RHEL 8 (RHSA-2023:7638)	Nessus	Red Hat Local Security Checks	high
186542	RHEL 7 : Red Hat JBoss Enterprise Application Platform 7.4.14 on RHEL 7 (RHSA-2023:7637)	Nessus	Red Hat Local Security Checks	high

Detections

Analytics

CVE-2023-39410

high

Tenable Plugins

critical

high

high

high

high

high

high