The version of Oracle HTTP Server installed on the remote host are affected by multiple vulnerabilities as referenced in the Jan 2023 CPU advisory.

  - Vulnerability in the Oracle HTTP Server product of Oracle Fusion Middleware (component: Centralized Thirdparty     Jars (Expat)). The supported version that is affected is 12.2.1.4.0. Easily exploitable vulnerability allows     unauthenticated attacker with network access via HTTP to compromise Oracle HTTP Server. Successful attacks of     this vulnerability can result in takeover of Oracle HTTP Server. (CVE-2022-25236)

  - Vulnerability in the Oracle HTTP Server product of Oracle Fusion Middleware (component: SSL Module (Apache HTTP     Server)). The supported version that is affected is 12.2.1.4.0. Easily exploitable vulnerability allows     unauthenticated attacker with network access via HTTPS to compromise Oracle HTTP Server. Successful attacks of     this vulnerability can result in takeover of Oracle HTTP Server. (CVE-2022-31813)     

  - Vulnerability in the Oracle HTTP Server product of Oracle Fusion Middleware (component: SSL Module (OpenSSL)).     The supported version that is affected is 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated     attacker with network access via HTTPS to compromise Oracle HTTP Server. Successful attacks of this vulnerability     can result in takeover of Oracle HTTP Server. (CVE-2022-2274)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The version of OpenSSL installed on the remote host is prior to 3.0.5-dev. It is, therefore, affected by a vulnerability as referenced in the 3.0.5-dev advisory.

  - The OpenSSL 3.0.4 release introduced a serious bug in the RSA implementation for X86_64 CPUs supporting     the AVX512IFMA instructions. This issue makes the RSA implementation with 2048 bit private keys incorrect     on such machines and memory corruption will happen during the computation. As a consequence of the memory     corruption an attacker may be able to trigger a remote code execution on the machine performing the     computation. SSL/TLS servers or other servers using 2048 bit RSA private keys running on machines     supporting AVX512IFMA instructions of the X86_64 architecture are affected by this issue. (CVE-2022-2274)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The version of Junos OS installed on the remote host is affected by multiple vulnerabilities as referenced in the JSA73176 advisory.

  - AES OCB mode for 32-bit x86 platforms using the AES-NI assembly optimised implementation will not encrypt     the entirety of the data under some circumstances. This could reveal sixteen bytes of data that was     preexisting in the memory that wasn't written. In the special case of in place encryption, sixteen bytes     of the plaintext would be revealed. Since OpenSSL does not support OCB based cipher suites for TLS and     DTLS, they are both unaffected. Fixed in OpenSSL 3.0.5 (Affected 3.0.0-3.0.4). Fixed in OpenSSL 1.1.1q     (Affected 1.1.1-1.1.1p). (CVE-2022-2097)

  - The OpenSSL 3.0.4 release introduced a serious bug in the RSA implementation for X86_64 CPUs supporting     the AVX512IFMA instructions. This issue makes the RSA implementation with 2048 bit private keys incorrect     on such machines and memory corruption will happen during the computation. As a consequence of the memory     corruption an attacker may be able to trigger a remote code execution on the machine performing the     computation. SSL/TLS servers or other servers using 2048 bit RSA private keys running on machines     supporting AVX512IFMA instructions of the X86_64 architecture are affected by this issue. (CVE-2022-2274)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The versions of Oracle Siebel CRM installed on the remote host are affected by multiple vulnerabilities as referenced in the January 2023 CPU advisory.

  - Vulnerability in the Siebel CRM product of Oracle Siebel CRM (component: Siebel Core - Server     Infrastructure (OpenSSL)). Supported versions that are affected are 22.10 and prior. Easily exploitable     vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Siebel CRM.
    Successful attacks of this vulnerability can result in takeover of Siebel CRM. (CVE-2022-2274)

  - Vulnerability in the Siebel Apps - Marketing product of Oracle Siebel CRM (component: Marketing (Apache     Log4j)). Supported versions that are affected are 22.10 and prior. Difficult to exploit vulnerability     allows high privileged attacker with network access via HTTP to compromise Siebel Apps - Marketing.
    Successful attacks of this vulnerability can result in takeover of Siebel Apps - Marketing.
    (CVE-2021-44832)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the f0e45968-faff-11ec-856e-d4c9ef517024 advisory.

  - The OpenSSL 3.0.4 release introduced a serious bug in the RSA implementation for X86_64 CPUs supporting     the AVX512IFMA instructions. This issue makes the RSA implementation with 2048 bit private keys incorrect     on such machines and memory corruption will happen during the computation. As a consequence of the memory     corruption an attacker may be able to trigger a remote code execution on the machine performing the     computation. SSL/TLS servers or other servers using 2048 bit RSA private keys running on machines     supporting AVX512IFMA instructions of the X86_64 architecture are affected by this issue. (CVE-2022-2274)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The version of Oracle Essbase installed on the remote host is missing a security patch from the January 2023 Critical Patch Update (CPU). It is, therefore, affected by multiple vulnerabilities, including:

  - Vulnerability in Oracle Essbase (component: Essbase Web Platform (OpenSSL)). The supported version that is     affected is 21.4. Easily exploitable vulnerability allows unauthenticated attacker with network access via     HTTPS to compromise Oracle Essbase. Successful attacks of this vulnerability can result in takeover of     Oracle Essbase. (CVE-2022-2274)

  - Vulnerability in Oracle Essbase (component: Infrastructure (cURL)). The supported version that is affected     is 21.4. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to     compromise Oracle Essbase. Successful attacks of this vulnerability can result in takeover of Oracle     Essbase. (CVE-2022-42915)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The version of OpenSSL installed on the remote host is prior to 3.0.5. It is, therefore, affected by multiple vulnerabilities as referenced in the 3.0.5 advisory.

  - The OpenSSL 3.0.4 release introduced a serious bug in the RSA implementation for X86_64 CPUs supporting     the AVX512IFMA instructions. This issue makes the RSA implementation with 2048 bit private keys incorrect     on such machines and memory corruption will happen during the computation. As a consequence of the memory     corruption an attacker may be able to trigger a remote code execution on the machine performing the     computation. SSL/TLS servers or other servers using 2048 bit RSA private keys running on machines     supporting AVX512IFMA instructions of the X86_64 architecture are affected by this issue. (CVE-2022-2274)

  - AES OCB mode for 32-bit x86 platforms using the AES-NI assembly optimised implementation will not encrypt     the entirety of the data under some circumstances. This could reveal sixteen bytes of data that was     preexisting in the memory that wasn't written. In the special case of in place encryption, sixteen bytes     of the plaintext would be revealed. Since OpenSSL does not support OCB based cipher suites for TLS and     DTLS, they are both unaffected. Fixed in OpenSSL 3.0.5 (Affected 3.0.0-3.0.4). Fixed in OpenSSL 1.1.1q     (Affected 1.1.1-1.1.1p). (CVE-2022-2097)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The version of openssl installed on the remote host is prior to 1.1.1q. It is, therefore, affected by multiple vulnerabilities as referenced in the SSA:2022-186-01 advisory.

  - AES OCB mode for 32-bit x86 platforms using the AES-NI assembly optimised implementation will not encrypt     the entirety of the data under some circumstances. This could reveal sixteen bytes of data that was     preexisting in the memory that wasn't written. In the special case of in place encryption, sixteen bytes     of the plaintext would be revealed. Since OpenSSL does not support OCB based cipher suites for TLS and     DTLS, they are both unaffected. Fixed in OpenSSL 3.0.5 (Affected 3.0.0-3.0.4). Fixed in OpenSSL 1.1.1q     (Affected 1.1.1-1.1.1p). (CVE-2022-2097)

  - The OpenSSL 3.0.4 release introduced a serious bug in the RSA implementation for X86_64 CPUs supporting     the AVX512IFMA instructions. This issue makes the RSA implementation with 2048 bit private keys incorrect     on such machines and memory corruption will happen during the computation. As a consequence of the memory     corruption an attacker may be able to trigger a remote code execution on the machine performing the     computation. SSL/TLS servers or other servers using 2048 bit RSA private keys running on machines     supporting AVX512IFMA instructions of the X86_64 architecture are affected by this issue. (CVE-2022-2274)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The OpenSSL 3.0.4 release introduced a serious bug in the RSA implementation for X86_64 CPUs supporting the AVX512IFMA instructions.
This issue makes the RSA implementation with 2048 bit private keys incorrect on such machines and memory corruption will happen during the computation. As a consequence of the memory corruption an attacker may be able to trigger a remote code execution on the machine performing the computation. SSL/TLS servers or other servers using 2048 bit RSA private keys running on machines supporting AVX512IFMA instructions of the X86_64 architecture are affected by this issue.

This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.

ID	Name	Product	Family	Published	Updated	Severity
170268	Oracle HTTP Server (Jan 2023 CPU)	Nessus	Web Servers	1/23/2023	9/7/2023	critical
162673	OpenSSL 3.0.4 < 3.0.5-dev Vulnerability	Nessus	Web Servers	7/1/2022	10/23/2024	critical
182922	Juniper Junos OS Multiple Vulnerabilities (JSA73176)	Nessus	Junos Local Security Checks	10/11/2023	10/11/2023	critical
212434	Oracle Siebel Server (January 2023 CPU)	Nessus	Misc.	12/11/2024	12/12/2024	critical
162699	FreeBSD : OpenSSL -- Heap memory corruption with RSA private key operation (f0e45968-faff-11ec-856e-d4c9ef517024)	Nessus	FreeBSD Local Security Checks	7/3/2022	11/6/2023	critical
171320	Oracle Essbase (Jan 2023 CPU)	Nessus	Misc.	2/10/2023	9/4/2023	critical
162720	OpenSSL 3.0.0 < 3.0.5 Multiple Vulnerabilities	Nessus	Web Servers	7/5/2022	10/23/2024	critical
162731	Slackware Linux 15.0 / current openssl Multiple Vulnerabilities (SSA:2022-186-01)	Nessus	Slackware Local Security Checks	7/5/2022	10/19/2023	critical
502993	Siemens SIMATIC S7-1500 TM MFP Linux Kernel Out-of-bounds Write (CVE-2022-2274)	Tenable OT Security	Tenable.ot	2/25/2025	2/26/2025	critical

Detections

Analytics

Plugins Search

critical

critical

critical

critical

critical

critical

critical

critical

critical