New! Vulnerability Priority Rating (VPR)
Tenable calculates a dynamic VPR for every vulnerability. VPR combines vulnerability information with threat intelligence and machine learning algorithms to predict which vulnerabilities are most likely to be exploited in attacks. Read more about what VPR is and how it's different from CVSS.
VPR Score: 5.9
Synopsis
An enterprise management application installed on the remote host is affected by multiple vulnerabilities.
Description
The version of Oracle Enterprise Manager Ops Center installed on the remote host is affected by multiple vulnerabilities in Enterprise Manager Base Platform component:
- An unspecified vulnerability in the Networking (cURL) component of Oracle Enterprise Manager Ops Center. An easy to exploit vulnerability could allow an unauthenticated attacker with network access via HTTPS to compromise Enterprise Manager Ops Center.
A successful attack of this vulnerability can result in takeover of Enterprise Manager Ops Center. (CVE-2019-5443)
- An unspecified vulnerability in the Networking (jQuery) component of Oracle Enterprise Manager Ops Center.
A difficult to exploit vulnerability could allow a low privileged attacker with logon to the infrastructure where Enterprise Manager Ops Center executes to compromise Enterprise Manager Ops Center. A successful attack of this vulnerability can result in unauthorized access of Enterprise Manager Ops Center data. (CVE-2019-11358)
- An unspecified vulnerability in the OS Provisioning (Apache HTTP Server) component of Oracle Enterprise Manager Ops Center. An easily exploitable vulnerability could allow an unauthenticated attacker with network access via multiple protocols to compromise Enterprise Manager Ops Center. A successful attack of this vulnerability can result in unauthorized access of Enterprise Manager Ops Center data. (CVE-2019-9517)
Solution
Apply the appropriate patch according to the October 2019 Oracle Critical Patch Update advisory.