Detections
Analytics
Oracle Secure Global Desktop Multiple Vulnerabilities (April 2014 CPU)
high Nessus Plugin ID 73596
Language:
Synopsis
The remote host has a version of Oracle Secure Global Desktop that is affected by multiple vulnerabilities.Description
The remote host has a version of Oracle Secure Global Desktop that is version 4.63, 4.71, 5.0 or 5.1. It is, therefore, affected by the following vulnerabilities :- A buffer overflow flaw exists in the 'bdfReadCharacters' function within 'bitmap/bdfread.c' of the included X.Org libXfont. This could allow a remote attacker to cause a denial of service attack or possibly execute arbitrary code. (CVE-2013-6462)
- A flaw exists with the Workspace Web Application. This could allow a remote attacker to impact the integrity of the application. Note this only affects versions 5.0 and 5.1 of Oracle Secure Global Desktop.
(CVE-2014-2439)
- A flaw exists with the Workspace Web Application. This could allow a remote attacker to impact the confidentiality and integrity of the application.
(CVE-2014-2463)
Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported patch information.
Solution
Apply the appropriate patch according to the April 2014 Oracle Critical Patch Update advisory.See Also
Plugin Details
Severity: High
ID: 73596
File Name: oracle_secure_global_desktop_apr_2014_cpu.nasl
Version: 1.12
Type: local
Agent: windows, macosx, unix
Family: Misc.
Published: 4/17/2014
Updated: 10/25/2021
Supported Sensors: Nessus Agent, Nessus
Risk Information
VPR
Risk Factor: High
Score: 7.4
CVSS v2
Risk Factor: High
Base Score: 9.3
Temporal Score: 8.1
Vector: CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C
Vulnerability Information
CPE: cpe:/a:oracle:virtualization_secure_global_desktop
Required KB Items: Host/Oracle_Secure_Global_Desktop/Version
Exploit Available: true
Exploit Ease: Exploits are available
Patch Publication Date: 4/15/2014
Vulnerability Publication Date: 1/7/2014
Exploitable With
Core Impact