Synopsis
A database running on the remote host is affected by a server-side request forgery vulnerability.

Description
The version of Oracle NoSQL Database Enterprise running on the remote host is prior to 19.3.12. It is, therefore, affected by a server-side request forgery vulnerability. The vulnerability exists in the jackson-databind component due to a failure to block the axis2-jaxws class from polymorphic deserialization. An unauthenticated, remote attacker can exploit this, via HTTP, to cause a takeover of Oracle NoSQL Database.
Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution
Upgrade to Oracle NoSQL Database Enterprise version 19.3.12 or later.