Oracle Primavera Gateway Multiple Vulnerabilities (Jan 2020 CPU)

critical Nessus Plugin ID 132936

Synopsis

An application running on the remote web server is affected by multiple vulnerabilities.

Description

According to its self-reported version number, the Oracle Primavera Gateway installation running on the remote web server is 15.x prior to 15.2.18, 16.x prior to 16.2.11, 17.x prior to 17.12.6, or 18.x prior to 18.8.8.1. It is, therefore, affected by multiple vulnerabilities, including the following:

- Two Polymorphic Typing issues present in FasterXML jackson-databind related to com.zaxxer.hikari.HikariDataSource which can be exploited by remote, unauthenticated attackers.
(CVE-2019-16335, CVE-2019-14540)

- A man-in-the-middle vulnerability caused by the getCN function in Apache Axis not properly verifying that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate. An unauthenticated, remote attacker can exploit this to spoof SSL servers via a certificate with a subject that specifies a common name in a field that is not a CN field. (CVE-2014-3596)

- A Server Side Request Forgery (SSRF) vulnerability in Apache Axis that can be exploited by an unauthenticated, remote attacker. (CVE-2019-0227)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Upgrade to Oracle Primavera Gateway version 15.2.18 / 16.2.11 / 17.12.6 / 18.8.8.1 or later.

See Also

https://www.oracle.com/security-alerts/cpujan2020.html#AppendixPVA

https://support.oracle.com/rs?type=doc&id=2620236.1

Plugin Details

Severity: Critical

ID: 132936

File Name: oracle_primavera_gateway_cpu_jan_2020.nasl

Version: 1.5

Type: remote

Family: CGI abuses

Published: 1/15/2020

Updated: 12/5/2022

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: High

Score: 7.4

CVSS v2

Risk Factor: High

Base Score: 7.5

Temporal Score: 5.9

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

CVSS Score Source: CVE-2019-16335

CVSS v3

Risk Factor: Critical

Base Score: 9.8

Temporal Score: 8.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:P/RL:O/RC:C

Vulnerability Information

CPE: cpe:/a:oracle:primavera_gateway

Required KB Items: installed_sw/Oracle Primavera Gateway

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 1/14/2020

Vulnerability Publication Date: 8/26/2014

Reference Information

CVE: CVE-2014-3596, CVE-2015-9251, CVE-2018-8032, CVE-2019-0227, CVE-2019-11358, CVE-2019-12415, CVE-2019-14540, CVE-2019-16335

BID: 69295, 105658, 107867, 108023

IAVA: 2020-A-0140