SynopsisAn application server installed on the remote host is affected by multiple vulnerabilities.
DescriptionThe version of Oracle Tuxedo installed on the remote host is missing a security patch. It is, therefore, affected by multiple vulnerabilities:
- An information disclosure vulnerability exists in OpenSSL due to the potential for a side-channel timing attack. An unauthenticated attacker can exploit this to disclose potentially sensitive information. (CVE-2018-0734, CVE-2018-0735, CVE-2018-5407)
SolutionApply the appropriate patch according to the April 2019 Oracle Critical Patch Update advisory.