Oracle Primavera Gateway Multiple Vulnerabilities (Oct 2019 CPU)
High Nessus Plugin ID 130019
SynopsisAn application running on the remote web server is affected by multiple vulnerabilities.
DescriptionAccording to its self-reported version number, the Oracle Primavera Gateway installation running on the remote web server is 15.x prior to 15.2.17, 16.x prior to 16.2.10, 17.x prior to 17.12.5, or 18.x prior to 18.8.7. It is, therefore, affected by multiple vulnerabilities:
- An arbitrary file read vulnerability exists in the FasterXML jackson-databind component, which is version 2.x prior to 2.9.9. This vulnerability is due to missing com.mysql.cj.jdbc.admin.MiniAdmin validation. An unauthenticated, remote attacker can exploit this by hosting a crafted MySQL server reachable by the victim and sending a crated JSON message that allows them to read arbitrary files and disclose sensitive information. (CVE-2019-12086)
- Denial of service (DoS) vulnerabilities exist in the Apache POI component, which is prior to 3.1.7, due to a flaw when parsing crafted WMF, EMF, MSG, macros, DOC, PPT, and XLS. An unauthenticated, remote attacker can exploit this issue, via sending crafted input, to cause the application to stop responding.
- A remote code execution vulnerability exists in the FasterXML jackson-databind component, which is prior to 220.127.116.11, due to a flaw in how default typing is handled when ehcache is used because of net.sf.ehcache.transaction.manager.DefaultTransactionManagerLookup. An unauthenticated, remote attacker can exploit this to bypass authentication and execute arbitrary commands. (CVE-2019-14379)
Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.
SolutionUpgrade to Oracle Primavera Gateway version 15.2.17 / 16.2.10 / 17.12.5 / 18.8.7 or later.