Oracle Primavera Gateway Multiple Vulnerabilities (Oct 2019 CPU)

High Nessus Plugin ID 130019

Synopsis

An application running on the remote web server is affected by multiple vulnerabilities.

Description

According to its self-reported version number, the Oracle Primavera Gateway installation running on the remote web server is 15.x prior to 15.2.17, 16.x prior to 16.2.10, 17.x prior to 17.12.5, or 18.x prior to 18.8.7. It is, therefore, affected by multiple vulnerabilities:

- An arbitrary file read vulnerability exists in the FasterXML jackson-databind component, which is version 2.x prior to 2.9.9. This vulnerability is due to missing com.mysql.cj.jdbc.admin.MiniAdmin validation. An unauthenticated, remote attacker can exploit this by hosting a crafted MySQL server reachable by the victim and sending a crated JSON message that allows them to read arbitrary files and disclose sensitive information. (CVE-2019-12086)

- Denial of service (DoS) vulnerabilities exist in the Apache POI component, which is prior to 3.1.7, due to a flaw when parsing crafted WMF, EMF, MSG, macros, DOC, PPT, and XLS. An unauthenticated, remote attacker can exploit this issue, via sending crafted input, to cause the application to stop responding.
(CVE-2017-12626)

- A remote code execution vulnerability exists in the FasterXML jackson-databind component, which is prior to 2.9.0.2, due to a flaw in how default typing is handled when ehcache is used because of net.sf.ehcache.transaction.manager.DefaultTransactionManagerLookup. An unauthenticated, remote attacker can exploit this to bypass authentication and execute arbitrary commands. (CVE-2019-14379)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Upgrade to Oracle Primavera Gateway version 15.2.17 / 16.2.10 / 17.12.5 / 18.8.7 or later.

See Also

http://www.nessus.org/u?f7302206

http://www.nessus.org/u?8f2e008f

Plugin Details

Severity: High

ID: 130019

File Name: oracle_primavera_gateway_cpu_oct_2019.nasl

Version: 1.2

Type: remote

Family: CGI abuses

Published: 2019/10/18

Updated: 2019/10/18

Dependencies: 101902

Risk Information

Risk Factor: High

CVSS Score Source: CVE-2019-14379

CVSS v2.0

Base Score: 7.5

Temporal Score: 5.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Temporal Vector: CVSS2#E:U/RL:OF/RC:C

CVSS v3.0

Base Score: 9.8

Temporal Score: 8.5

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

Vulnerability Information

CPE: x-cpe:/a:oracle:primavera_gateway

Required KB Items: installed_sw/Oracle Primavera Gateway

Exploit Ease: No known exploits are available

Patch Publication Date: 2019/10/15

Vulnerability Publication Date: 2018/01/29

Reference Information

CVE: CVE-2017-12626, CVE-2019-12086, CVE-2019-14379

BID: 102879, 109227

IAVA: 2019-A-0380