Oracle Primavera Gateway Multiple Vulnerabilities (Jan 2020 CPU)
High Nessus Plugin ID 132936
SynopsisAn application running on the remote web server is affected by multiple vulnerabilities.
DescriptionAccording to its self-reported version number, the Oracle Primavera Gateway installation running on the remote web server is 15.x prior to 15.2.18, 16.x prior to 16.2.11, 17.x prior to 17.12.6, or 18.x prior to 188.8.131.52. It is, therefore, affected by multiple vulnerabilities, including the following:
- Two Polymorphic Typing issues present in FasterXML jackson-databind related to com.zaxxer.hikari.HikariDataSource which can be exploited by remote, unauthenticated attackers.
- A man-in-the-middle vulnerability caused by the getCN function in Apache Axis not properly verifying that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate. An unauthenticated, remote attacker can exploit this to spoof SSL servers via a certificate with a subject that specifies a common name in a field that is not a CN field. (CVE-2014-3596)
- A Server Side Request Forgery (SSRF) vulnerability in Apache Axis that can be exploited by an unauthenticated, remote attacker. (CVE-2019-0227)
Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.
SolutionUpgrade to Oracle Primavera Gateway version 15.2.18 / 16.2.11 / 17.12.6 / 184.108.40.206 or later.