A security issue was found in Netplex Json-smart 2.5.0 through 2.5.1. When loading a specially crafted JSON input, containing a large number of ’{’, a stack exhaustion can be trigger, which could allow an attacker to cause a Denial of Service (DoS). This issue exists because of an incomplete fix for CVE-2023-1370.

oracle CPUApr2025: Primavera P6 Enterprise Project Portfolio Management

The versions of Primavera Unifier installed on the remote host are affected by a denial of service vulnerability as referenced in the April 2025 CPU advisory.

  - Vulnerability in the Primavera Unifier product of Oracle Construction and Engineering (component: Platform     (json-smart)). Supported versions that are affected are 21.12.0-21.12.17, 22.12.0-22.12.15,     23.12.0-23.12.13 and 24.12.0-24.12.3. Easily exploitable vulnerability allows unauthenticated attacker     with network access via HTTP to compromise Primavera Unifier. Successful attacks of this vulnerability can     result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Primavera     Unifier. (CVE-2024-38819)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The versions of Primavera Gateway installed on the remote host are affected by multiple vulnerabilities as referenced in the April 2025 CPU advisory.

  - Vulnerability in the Primavera Gateway product of Oracle Construction and Engineering (component: Admin     (Google Protobuf-Java)). Supported versions that are affected are 20.12.0-20.12.17 and 21.12.0-21.12.15.
    Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to     compromise Primavera Gateway. Successful attacks of this vulnerability can result in unauthorized ability     to cause a hang or frequently repeatable crash (complete DOS) of Primavera Gateway. (CVE-2024-7254)

  - Vulnerability in the Primavera Gateway product of Oracle Construction and Engineering (component: Admin     (json-smart)). Supported versions that are affected are 20.12.0-20.12.17 and 21.12.0-21.12.15. Easily     exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise     Primavera Gateway. Successful attacks of this vulnerability can result in unauthorized ability to cause a     hang or frequently repeatable crash (complete DOS) of Primavera Gateway. (CVE-2024-57699)

  - Vulnerability in the Primavera Gateway product of Oracle Construction and Engineering (component: Admin     (Apache Commons IO)). Supported versions that are affected are 20.12.0-20.12.17 and 21.12.0-21.12.15.
    Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to     compromise Primavera Gateway. Successful attacks require human interaction from a person other than the     attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial     denial of service (partial DOS) of Primavera Gateway. (CVE-2024-47554)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The versions of Oracle Application Testing Suite installed on the remote host are affected by multiple vulnerabilities as referenced in the April 2025 CPU advisory.

  - Vulnerability in the Oracle Application Testing Suite product of Oracle Enterprise Manager (component:
    Load Testing for Web Apps (json-smart)). The supported version that is affected is 13.3.0.1. Easily     exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise     Oracle Application Testing Suite. Successful attacks of this vulnerability can result in unauthorized     ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Application Testing     Suite. (CVE-2024-57699)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available.

  - A security issue was found in Netplex Json-smart 2.5.0 through 2.5.1. When loading a specially crafted     JSON input, containing a large number of '{', a stack exhaustion can be trigger, which could allow an     attacker to cause a Denial of Service (DoS). This issue exists because of an incomplete fix for     CVE-2023-1370. (CVE-2024-57699)

Note that Nessus relies on the presence of the package as reported by the vendor.

ID	Name	Product	Family	Severity
234790	Oracle Primavera Unifier DoS (Apr 2025 CPU)	Nessus	CGI abuses	high
234550	Oracle Primavera Gateway (Apr 2025 CPU)	Nessus	CGI abuses	high
234548	Oracle Application Testing Suite (April 2025 CPU)	Nessus	Misc.	high
231555	Linux Distros Unpatched Vulnerability : CVE-2024-57699	Nessus	Misc.	high

Detections

Analytics

CVE-2024-57699

high

Tenable Plugins

Coming Soon

high

high

high

high