Oracle Enterprise Manager Cloud Control (Jan 2020 CPU)

medium Nessus Plugin ID 133055


An enterprise management application installed on the remote host is affected by multiple vulnerabilities.


The version of Oracle Enterprise Manager Cloud Control installed on the remote host is affected by multiple vulnerabilities in the Enterprise Manager Base Platform component:

- Vulnerability in the Enterprise Manager Base Platform product of Oracle Enterprise Manager, Supported versions that are affected are, and Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Enterprise Manager Base Platform. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Enterprise Manager Base Platform accessible data as well as unauthorized update, insert or delete access to some of Enterprise Manager Base Platform accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Enterprise Manager Base Platform.

The following components of the Enterprise Manager Base Platform product are affected by the above vulnerability:

- Application Service Level Mgmt (CVE-2020-2631, CVE-2020-2636)
- Connector Framework (CVE-2020-2624, CVE-2020-2633, CVE-2020-2642, CVE-2020-2645)
- Enterprise Config Management (CVE-2020-2610, CVE-2020-2611, CVE-2020-2612, CVE-2020-2618, CVE-2020-2619, CVE-2020-2620, CVE-2020-2621)
- Cloud Control Manager - OMS (CVE-2020-2626)
- Configuration Standard Framewk (CVE-2020-2634)
- Discovery Framework (CVE-2020-2617)
- Enterprise Manager Repository (CVE-2020-2616)
- Event Management (CVE-2020-2622)
- Extensibility Framework (CVE-2020-2629, CVE-2020-2630)
- Global EM Framework (CVE-2020-2613)
- Host Management (CVE-2020-2628, CVE-2020-2639)
- Job System (CVE-2020-2625, CVE-2020-2643)
- Metrics Framework (CVE-2020-2623)
- Oracle Management Service (CVE-2020-2615, CVE-2020-2644)
- Repository (CVE-2020-2608)
- System Monitoring (CVE-2020-2632, CVE-2020-2635)


Apply the appropriate patch according to the Jan 2020 Oracle Critical Patch Update advisory.

Plugin Details

Severity: Medium

ID: 133055

File Name: oracle_enterprise_manager_jan_2020_cpu.nasl

Version: 1.6

Type: local

Agent: windows, macosx, unix

Family: Misc.

Published: 1/17/2020

Updated: 8/1/2022

Configuration: Enable thorough checks

Supported Sensors: Nessus Agent

Risk Information


Risk Factor: Medium

Score: 4.7


Risk Factor: Medium

Base Score: 6.5

Temporal Score: 4.8

Vector: AV:N/AC:L/Au:S/C:P/I:P/A:P

Temporal Vector: E:U/RL:OF/RC:C

CVSS Score Source: CVE-2020-2645


Risk Factor: Medium

Base Score: 6

Temporal Score: 5.2

Vector: CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:L

Temporal Vector: E:U/RL:O/RC:C

Vulnerability Information

CPE: cpe:/a:oracle:enterprise_manager

Required KB Items: installed_sw/Oracle Enterprise Manager Cloud Control

Exploit Ease: No known exploits are available

Patch Publication Date: 1/14/2020

Vulnerability Publication Date: 1/14/2020

Reference Information

CVE: CVE-2020-2608, CVE-2020-2610, CVE-2020-2611, CVE-2020-2612, CVE-2020-2613, CVE-2020-2615, CVE-2020-2616, CVE-2020-2617, CVE-2020-2618, CVE-2020-2619, CVE-2020-2620, CVE-2020-2621, CVE-2020-2622, CVE-2020-2623, CVE-2020-2624, CVE-2020-2625, CVE-2020-2626, CVE-2020-2628, CVE-2020-2629, CVE-2020-2630, CVE-2020-2631, CVE-2020-2632, CVE-2020-2633, CVE-2020-2634, CVE-2020-2635, CVE-2020-2636, CVE-2020-2639, CVE-2020-2642, CVE-2020-2643, CVE-2020-2644, CVE-2020-2645

IAVA: 2020-A-0017