Oracle Database Management Plug-In Unix (October 2013 CPU) (credentialed check)

medium Nessus Plugin ID 70546

Synopsis

A database management application installed on the remote host is affected by multiple vulnerabilities.

Description

The Oracle Database Management Plug-In installed on the remote host is missing the October 2013 Critical Patch Update (CPU). It is, therefore, affected by multiple vulnerabilities in the Enterprise Manager Base Platform component :

- An unspecified flaw exists in the Schema Management subcomponent that allows an unauthenticated, remote attacker to impact integrity. (CVE-2013-3762)

- An unspecified flaw exists in the DB Performance Advisories/UIs subcomponent that allows an unauthenticated, remote attacker to impact integrity.
(CVE-2013-5766)

- Multiple unspecified flaws exist in the Storage Management subcomponent that allow an unauthenticated, remote attacker to impact integrity. (CVE-2013-5827, CVE-2013-5828)

Solution

Apply the appropriate patch according to the October 2013 Oracle Critical Patch Update advisory.

See Also

http://www.nessus.org/u?ac29c174

Plugin Details

Severity: Medium

ID: 70546

File Name: oracle_db_mgmt_plugin_oct2013_cpu_nix.nasl

Version: 1.18

Type: local

Agent: windows, macosx, unix

Family: Misc.

Published: 10/22/2013

Updated: 11/27/2023

Supported Sensors: Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: Low

Score: 2.5

CVSS v2

Risk Factor: Medium

Base Score: 4.3

Temporal Score: 3.2

Vector: CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N

CVSS Score Source: CVE-2013-5828

CVSS v3

Risk Factor: Medium

Base Score: 4.7

Temporal Score: 4.1

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

Vulnerability Information

CPE: cpe:/a:oracle:enterprise_manager_plugin_for_database_control

Required KB Items: Host/local_checks_enabled

Exploit Ease: No known exploits are available

Patch Publication Date: 10/15/2013

Vulnerability Publication Date: 10/15/2013

Reference Information

CVE: CVE-2013-3762, CVE-2013-5766, CVE-2013-5827, CVE-2013-5828

BID: 63056, 63064, 63068, 63071