New! Vulnerability Priority Rating (VPR)
Tenable calculates a dynamic VPR for every vulnerability. VPR combines vulnerability information with threat intelligence and machine learning algorithms to predict which vulnerabilities are most likely to be exploited in attacks. Read more about what VPR is and how it's different from CVSS.
VPR Score: 5.9
Synopsis
The remote host is affected by multiple vulnerabilities
Description
The 13.3.0.1 versions of Application Testing Suite installed on the remote host are affected by multiple vulnerabilities as referenced in the January 2021 CPU advisory.
- Vulnerability in the Oracle Application Testing Suite product of Oracle Enterprise Manager (component:
Load Testing for Web Apps (dom4j)). The supported version that is affected is 13.3.0.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Application Testing Suite. Successful attacks of this vulnerability can result in takeover of Oracle Application Testing Suite. (CVE-2020-10683)
- Vulnerability in the Oracle Application Testing Suite product of Oracle Enterprise Manager (component:
Load Testing for Web Apps (jQuery)). The supported version that is affected is 13.3.0.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Application Testing Suite. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Application Testing Suite, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Application Testing Suite accessible data as well as unauthorized read access to a subset of Oracle Application Testing Suite accessible data. (CVE-2020-11022)
Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.
Solution
Apply the appropriate patch according to the January 2021 Oracle Critical Patch Update advisory.