The remote Redhat Enterprise Linux 6 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:2511 advisory.

  - CVE-2020-6950 Mojarra: Path traversal via either the loc parameter or the con parameter, incomplete fix of     (CVE-2018-14371)

  - thrift: Endless loop when feed with specific input data (CVE-2019-0205)

  - thrift: Out-of-bounds read related to TJSONProtocol or TSimpleJSONProtocol (CVE-2019-0210)

  - jackson-mapper-asl: XML external entity similar to CVE-2016-3720 (CVE-2019-10172)

  - cxf: OpenId Connect token service does not properly validate the clientId (CVE-2019-12423)

  - wildfly: The 'enabled-protocols' value in legacy security is not respected if OpenSSL security provider is     in use (CVE-2019-14887)

  - cxf: reflected XSS in the services listing page (CVE-2019-17573)

  - RESTEasy: RESTEASY003870 exception in RESTEasy can lead to a reflected XSS attack (CVE-2020-10688)

  - undertow: Memory exhaustion issue in HttpReadListener via Expect: 100-continue header (CVE-2020-10705)

  - undertow: invalid HTTP request with large chunk size (CVE-2020-10719)

  - resteasy: Improper validation of response header in MediaTypeHeaderDelegate.java class (CVE-2020-1695)

  - Wildfly: EJBContext principal is not popped back after invoking another EJB using a different Security     Domain (CVE-2020-1719)

  - SmallRye: SecuritySupport class is incorrectly public and contains a static method to access the current     threads context class loader (CVE-2020-1729)

  - undertow: AJP File Read/Inclusion Vulnerability (CVE-2020-1745)

  - undertow: servletPath is normalized incorrectly leading to dangerous application mapping which could     result in security bypass (CVE-2020-1757)

  - Mojarra: Path traversal via either the loc parameter or the con parameter, incomplete fix of     CVE-2018-14371 (CVE-2020-6950)

  - cryptacular: excessive memory allocation during a decode operation (CVE-2020-7226)

  - jackson-databind: Lacks certain xbean-reflect/JNDI blocking (CVE-2020-8840)

  - jackson-databind: Serialization gadgets in shaded-hikari-config (CVE-2020-9546)

  - jackson-databind: Serialization gadgets in ibatis-sqlmap (CVE-2020-9547)

  - jackson-databind: Serialization gadgets in anteros-core (CVE-2020-9548)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:3639 advisory.

  - hibernate: SQL injection issue in Hibernate ORM (CVE-2019-14900)

  - jackson-databind: mishandles the interaction between serialization gadgets and typing which could result     in remote command execution (CVE-2020-10672, CVE-2020-10673)

  - dom4j: XML External Entity vulnerability in default SAX parser (CVE-2020-10683)

  - Undertow: Incomplete fix for CVE-2017-2666 due to permitting invalid characters in HTTP requests     (CVE-2020-10687)

  - hibernate-validator: Improper input validation in the interpolation of constraint error messages     (CVE-2020-10693)

  - wildfly-elytron: session fixation when using FORM authentication (CVE-2020-10714)

  - wildfly: exposed setting of TCCL via the EmbeddedManagedProcess API (CVE-2020-10718)

  - wildfly: unsafe deserialization in Wildfly Enterprise Java Beans (CVE-2020-10740)

  - wildfly: Some EJB transaction objects may get accumulated causing Denial of Service (CVE-2020-14297)

  - wildfly: EJB SessionOpenInvocations may not be removed properly after a response is received causing     Denial of Service (CVE-2020-14307)

  - resteasy: Improper validation of response header in MediaTypeHeaderDelegate.java class (CVE-2020-1695)

  - EAP: field-name is not parsed in accordance to RFC7230 (CVE-2020-1710)

  - Wildfly: Improper authorization issue in WildFlySecurityManager when using alternative protection domain     (CVE-2020-1748)

  - Mojarra: Path traversal via either the loc parameter or the con parameter, incomplete fix of     CVE-2018-14371 (CVE-2020-6950)

  - jackson-databind: Lacks certain xbean-reflect/JNDI blocking (CVE-2020-8840)

  - jackson-databind: Serialization gadgets in shaded-hikari-config (CVE-2020-9546)

  - jackson-databind: Serialization gadgets in ibatis-sqlmap (CVE-2020-9547)

  - jackson-databind: Serialization gadgets in anteros-core (CVE-2020-9548)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The versions of Oracle E-Business Suite installed on the remote host are affected by multiple vulnerabilities as referenced in the January 2022 CPU advisory.

  - Vulnerability in the Oracle Sourcing product of Oracle E-Business Suite (component: Intelligence, RFx     Creation). Supported versions that are affected are 12.2.3-12.2.11. Easily exploitable vulnerability     allows low privileged attacker with network access via HTTP to compromise Oracle Sourcing. Successful     attacks of this vulnerability can result in unauthorized creation, deletion or modification access to     critical data or all Oracle Sourcing accessible data as well as unauthorized access to critical data or     complete access to all Oracle Sourcing accessible data. (CVE-2022-21274)

  - Vulnerability in the Oracle Project Costing product of Oracle E-Business Suite (component: Expenses,     Currency Override). Supported versions that are affected are 12.2.3-12.2.11. Easily exploitable     vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Project     Costing. Successful attacks of this vulnerability can result in unauthorized creation, deletion or     modification access to critical data or all Oracle Project Costing accessible data as well as unauthorized     access to critical data or complete access to all Oracle Project Costing accessible data. (CVE-2022-21273)

  - Vulnerability in the Oracle Configurator product of Oracle E-Business Suite (component: UI Servlet).
    Supported versions that are affected are 12.2.3-12.2.11. Easily exploitable vulnerability allows low     privileged attacker with network access via HTTP to compromise Oracle Configurator. Successful attacks of     this vulnerability can result in unauthorized creation, deletion or modification access to critical data     or all Oracle Configurator accessible data as well as unauthorized access to critical data or complete     access to all Oracle Configurator accessible data. (CVE-2022-21255)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:3638 advisory.

  - hibernate: SQL injection issue in Hibernate ORM (CVE-2019-14900)

  - jackson-databind: mishandles the interaction between serialization gadgets and typing which could result     in remote command execution (CVE-2020-10672, CVE-2020-10673)

  - dom4j: XML External Entity vulnerability in default SAX parser (CVE-2020-10683)

  - Undertow: Incomplete fix for CVE-2017-2666 due to permitting invalid characters in HTTP requests     (CVE-2020-10687)

  - hibernate-validator: Improper input validation in the interpolation of constraint error messages     (CVE-2020-10693)

  - wildfly-elytron: session fixation when using FORM authentication (CVE-2020-10714)

  - wildfly: exposed setting of TCCL via the EmbeddedManagedProcess API (CVE-2020-10718)

  - wildfly: unsafe deserialization in Wildfly Enterprise Java Beans (CVE-2020-10740)

  - wildfly: Some EJB transaction objects may get accumulated causing Denial of Service (CVE-2020-14297)

  - wildfly: EJB SessionOpenInvocations may not be removed properly after a response is received causing     Denial of Service (CVE-2020-14307)

  - resteasy: Improper validation of response header in MediaTypeHeaderDelegate.java class (CVE-2020-1695)

  - EAP: field-name is not parsed in accordance to RFC7230 (CVE-2020-1710)

  - Wildfly: Improper authorization issue in WildFlySecurityManager when using alternative protection domain     (CVE-2020-1748)

  - Mojarra: Path traversal via either the loc parameter or the con parameter, incomplete fix of     CVE-2018-14371 (CVE-2020-6950)

  - jackson-databind: Lacks certain xbean-reflect/JNDI blocking (CVE-2020-8840)

  - jackson-databind: Serialization gadgets in shaded-hikari-config (CVE-2020-9546)

  - jackson-databind: Serialization gadgets in ibatis-sqlmap (CVE-2020-9547)

  - jackson-databind: Serialization gadgets in anteros-core (CVE-2020-9548)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 6 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:3637 advisory.

  - hibernate: SQL injection issue in Hibernate ORM (CVE-2019-14900)

  - jackson-databind: mishandles the interaction between serialization gadgets and typing which could result     in remote command execution (CVE-2020-10672, CVE-2020-10673)

  - dom4j: XML External Entity vulnerability in default SAX parser (CVE-2020-10683)

  - Undertow: Incomplete fix for CVE-2017-2666 due to permitting invalid characters in HTTP requests     (CVE-2020-10687)

  - hibernate-validator: Improper input validation in the interpolation of constraint error messages     (CVE-2020-10693)

  - wildfly-elytron: session fixation when using FORM authentication (CVE-2020-10714)

  - wildfly: exposed setting of TCCL via the EmbeddedManagedProcess API (CVE-2020-10718)

  - wildfly: unsafe deserialization in Wildfly Enterprise Java Beans (CVE-2020-10740)

  - wildfly: Some EJB transaction objects may get accumulated causing Denial of Service (CVE-2020-14297)

  - wildfly: EJB SessionOpenInvocations may not be removed properly after a response is received causing     Denial of Service (CVE-2020-14307)

  - resteasy: Improper validation of response header in MediaTypeHeaderDelegate.java class (CVE-2020-1695)

  - EAP: field-name is not parsed in accordance to RFC7230 (CVE-2020-1710)

  - Wildfly: Improper authorization issue in WildFlySecurityManager when using alternative protection domain     (CVE-2020-1748)

  - Mojarra: Path traversal via either the loc parameter or the con parameter, incomplete fix of     CVE-2018-14371 (CVE-2020-6950)

  - jackson-databind: Lacks certain xbean-reflect/JNDI blocking (CVE-2020-8840)

  - jackson-databind: Serialization gadgets in shaded-hikari-config (CVE-2020-9546)

  - jackson-databind: Serialization gadgets in ibatis-sqlmap (CVE-2020-9547)

  - jackson-databind: Serialization gadgets in anteros-core (CVE-2020-9548)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:2512 advisory.

  - CVE-2020-6950 Mojarra: Path traversal via either the loc parameter or the con parameter, incomplete fix of     (CVE-2018-14371)

  - thrift: Endless loop when feed with specific input data (CVE-2019-0205)

  - thrift: Out-of-bounds read related to TJSONProtocol or TSimpleJSONProtocol (CVE-2019-0210)

  - jackson-mapper-asl: XML external entity similar to CVE-2016-3720 (CVE-2019-10172)

  - cxf: OpenId Connect token service does not properly validate the clientId (CVE-2019-12423)

  - wildfly: The 'enabled-protocols' value in legacy security is not respected if OpenSSL security provider is     in use (CVE-2019-14887)

  - cxf: reflected XSS in the services listing page (CVE-2019-17573)

  - RESTEasy: RESTEASY003870 exception in RESTEasy can lead to a reflected XSS attack (CVE-2020-10688)

  - undertow: Memory exhaustion issue in HttpReadListener via Expect: 100-continue header (CVE-2020-10705)

  - undertow: invalid HTTP request with large chunk size (CVE-2020-10719)

  - resteasy: Improper validation of response header in MediaTypeHeaderDelegate.java class (CVE-2020-1695)

  - Wildfly: EJBContext principal is not popped back after invoking another EJB using a different Security     Domain (CVE-2020-1719)

  - SmallRye: SecuritySupport class is incorrectly public and contains a static method to access the current     threads context class loader (CVE-2020-1729)

  - undertow: AJP File Read/Inclusion Vulnerability (CVE-2020-1745)

  - undertow: servletPath is normalized incorrectly leading to dangerous application mapping which could     result in security bypass (CVE-2020-1757)

  - Mojarra: Path traversal via either the loc parameter or the con parameter, incomplete fix of     CVE-2018-14371 (CVE-2020-6950)

  - cryptacular: excessive memory allocation during a decode operation (CVE-2020-7226)

  - jackson-databind: Lacks certain xbean-reflect/JNDI blocking (CVE-2020-8840)

  - jackson-databind: Serialization gadgets in shaded-hikari-config (CVE-2020-9546)

  - jackson-databind: Serialization gadgets in ibatis-sqlmap (CVE-2020-9547)

  - jackson-databind: Serialization gadgets in anteros-core (CVE-2020-9548)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Payara Releases reports :

The following is a list of tracked Common Vulnerabilities and Exposures that have been reported and analyzed, which can or have impacted Payara Server across releases :

- CVE-2020-6950 Eclipse Mojarra vulnerable to path trasversal flaw via either loc/con parameters

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:2513 advisory.

  - mojarra: Path traversal in ResourceManager.java:getLocalePrefix() via the loc parameter (CVE-2018-14371)

  - thrift: Endless loop when feed with specific input data (CVE-2019-0205)

  - thrift: Out-of-bounds read related to TJSONProtocol or TSimpleJSONProtocol (CVE-2019-0210)

  - jackson-mapper-asl: XML external entity similar to CVE-2016-3720 (CVE-2019-10172)

  - cxf: OpenId Connect token service does not properly validate the clientId (CVE-2019-12423)

  - wildfly: The 'enabled-protocols' value in legacy security is not respected if OpenSSL security provider is     in use (CVE-2019-14887)

  - cxf: reflected XSS in the services listing page (CVE-2019-17573)

  - resteasy: Improper validation of response header in MediaTypeHeaderDelegate.java class (CVE-2020-1695)

  - Wildfly: EJBContext principal is not popped back after invoking another EJB using a different Security     Domain (CVE-2020-1719)

  - SmallRye: SecuritySupport class is incorrectly public and contains a static method to access the current     threads context class loader (CVE-2020-1729)

  - undertow: AJP File Read/Inclusion Vulnerability (CVE-2020-1745)

  - undertow: servletPath is normalized incorrectly leading to dangerous application mapping which could     result in security bypass (CVE-2020-1757)

  - Mojarra: Path traversal via either the loc parameter or the con parameter, incomplete fix of     CVE-2018-14371 (CVE-2020-6950)

  - cryptacular: excessive memory allocation during a decode operation (CVE-2020-7226)

  - jackson-databind: Lacks certain xbean-reflect/JNDI blocking (CVE-2020-8840)

  - jackson-databind: Serialization gadgets in shaded-hikari-config (CVE-2020-9546)

  - jackson-databind: Serialization gadgets in ibatis-sqlmap (CVE-2020-9547)

  - jackson-databind: Serialization gadgets in anteros-core (CVE-2020-9548)

  - RESTEasy: RESTEASY003870 exception in RESTEasy can lead to a reflected XSS attack (CVE-2020-10688)

  - undertow: Memory exhaustion issue in HttpReadListener via Expect: 100-continue header (CVE-2020-10705)

  - undertow: invalid HTTP request with large chunk size (CVE-2020-10719)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The version of Oracle WebLogic Server installed on the remote host is missing a security patch from the April 2023 Critical Patch Update (CPU). It is, therefore, affected by multiple vulnerabilities, including:

  - Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Console     (Apache Commons FileUpload)). Supported versions that are affected are 12.2.1.3.0, 12.2.1.4.0 and     14.1.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP     to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in unauthorized     ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle WebLogic Server.
    (CVE-2023-24998)

  - Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Samples     (XStream)). Supported versions that are affected are 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable     vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebLogic     Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or     frequently repeatable crash (complete DOS) of Oracle WebLogic Server. (CVE-2022-40152)

  - Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Third Party     (Apache Commons Compress)). Supported versions that are affected are 12.2.1.4.0 and 14.1.1.0.0. Easily     exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise     Oracle WebLogic Server. Successful attacks of this vulnerability can result in unauthorized ability to     cause a hang or frequently repeatable crash (complete DOS) of Oracle WebLogic Server. (CVE-2021-36090)

  Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The version of Oracle WebLogic Server installed on the remote host is affected by multiple vulnerabilities:

  - An unspecified vulnerability in the Third Party Tools     (Bouncy Castle Java Library) component of Oracle WebLogic     Server. An unauthenticated attacker with network access     via HTTPS could exploit this vulnerability to compromise     Oracle WebLogic Server. A successful attack of this     vulnerability can result in unauthorized ability to cause     a hang or frequently repeatable crash (complete DOS) of     Oracle WebLogic Server. (CVE-2019-1735)

  - An unspecified vulnerability in the Console component of     Oracle WebLogic Server.  An unauthenticated attacker with     network access via HTTP could exploit this vulnerability     to compromise Oracle WebLogic Server. A successful attack     requires human interaction from a person other than the     attacker. A successful attacks of this vulnerability can     result in unauthorized ability to cause a partial denial     of service (partial DOS) of Oracle WebLogic Server.
    (CVE-2020-2519)   
  - An unspecified vulnerability in the Console component of     Oracle WebLogic Server.  An unauthenticated attacker with     network access via HTTP could exploit this vulnerability     to compromise Oracle WebLogic Server. A successful attack     requires human interaction from a person other than the     attacker. A successful attack of this vulnerability can     result in unauthorized update, insert or delete access     to some of Oracle WebLogic Server accessible data.
    (CVE-2020-2544)   
  - An unspecified vulnerability in the Application     Container - JavaEE component of Oracle WebLogic Server.
    An unauthenticated attacker with network access via T3     could exploit this vulnerability to compromise Oracle     WebLogic Server. A successful attack of this vulnerability     can result in takeover of Oracle WebLogic Server.
    (CVE-2020-2546)   
  - An unspecified vulnerability in the Console component of     Oracle WebLogic Server. A high privileged attacker with     network access via HTTP could exploit this vulnerability     to compromise Oracle WebLogic Server. A successful attack     requires human interaction from a person other than the     attacker and while the vulnerability is in Oracle WebLogic     Server, attacks may significantly impact additional     products. Successful attacks of this vulnerability can     result in unauthorized update, insert or delete access to     some of Oracle WebLogic Server accessible data as well as     unauthorized read access to a subset of Oracle WebLogic     Server accessible data. (CVE-2020-2547)   
  - An unspecified vulnerability in the WLS Core Components     of Oracle WebLogic Server. A high privileged attacker     with network access via HTTP could exploit this     vulnerability to compromise Oracle WebLogic Server.
    A successful attack requires human interaction from a     person other than the attacker and while the vulnerability     is in Oracle WebLogic Server, attacks may significantly     impact additional products. Successful attacks of this     vulnerability can result in unauthorized update, insert or     delete access to some of Oracle WebLogic Server accessible     data as well as unauthorized read access to a subset of     Oracle WebLogic Server accessible data.
    (CVE-2020-2548)   
  - An unspecified vulnerability in the WLS Core Components     of Oracle WebLogic Server. A high privileged attacker with     network access via HTTP could exploit this vulnerability to     compromise Oracle WebLogic Server. A successful attack of this     vulnerability can result in takeover of Oracle WebLogic Server.
    (CVE-2020-2549)   
  - An unspecified vulnerability in the WLS Core Components     of Oracle WebLogic Server. A high privileged attacker with     logon to the infrastructure where Oracle WebLogic Server     executes could exploit this vulnerability to compromise     racle WebLogic Server. A successful attack of this     vulnerability can result in unauthorized access to critical     data or complete access to all Oracle WebLogic Server     accessible data.
    (CVE-2020-2550)   
  - An unspecified vulnerability in the WLS Core Components of     Oracle WebLogic Server. An unauthenticated attacker with     network access via IIOP could exploit this vulnerability to     compromise Oracle WebLogic Server. A successful attack of this     vulnerability can result in takeover of Oracle WebLogic Server.
    (CVE-2020-2551)   
  - An unspecified vulnerability in the WLS Core Components of     Oracle WebLogic Server. A high privileged attacker with     network access via HTTP could exploit this vulnerability     to compromise Oracle WebLogic Server. A successful attack     requires human interaction from a person other than the     attacker and while the vulnerability is in Oracle     WebLogic Server, attacks may significantly impact     additional products. A successful attack of this     vulnerability can result in unauthorized update,     insert or delete access to some of Oracle WebLogic     Server accessible data as well as unauthorized read     access to a subset of Oracle WebLogic Server accessible     data. (CVE-2020-2552)   
  - An unspecified vulnerability in the Web Container     (JavaServer Faces) Components of Oracle WebLogic Server.
    An unauthenticated attacker with network access via     HTTP could exploit this vulnerability to compromise     Oracle WebLogic Server. A successful attack of this     vulnerability can result in unauthorized access to     critical data or complete access to all Oracle WebLogic     Server accessible data. (CVE-2020-6950)

ID	Name	Product	Family	Published	Updated	Severity
137331	RHEL 6 : Red Hat JBoss Enterprise Application Platform 7.3.1 Security update (Important) (RHSA-2020:2511)	Nessus	Red Hat Local Security Checks	6/11/2020	3/7/2024	critical
140392	RHEL 8 : Red Hat JBoss Enterprise Application Platform 7.2.9 on RHEL 8 (RHSA-2020:3639)	Nessus	Red Hat Local Security Checks	9/8/2020	2/21/2024	critical
156890	Oracle E-Business Suite (Jan 2022 CPU)	Nessus	Misc.	1/20/2022	11/20/2023	high
140390	RHEL 7 : Red Hat JBoss Enterprise Application Platform 7.2.9 on RHEL 7 (RHSA-2020:3638)	Nessus	Red Hat Local Security Checks	9/8/2020	2/21/2024	critical
140397	RHEL 6 : Red Hat JBoss Enterprise Application Platform 7.2.9 on RHEL 6 (RHSA-2020:3637)	Nessus	Red Hat Local Security Checks	9/8/2020	2/21/2024	critical
137333	RHEL 7 : Red Hat JBoss Enterprise Application Platform 7.3.1 Security update (Important) (RHSA-2020:2512)	Nessus	Red Hat Local Security Checks	6/11/2020	3/7/2024	critical
141318	FreeBSD : Payara -- path trasversal flaw via either loc/con parameters in Eclipse Mojarra (b07bdd3c-0809-11eb-a3a4-0019dbb15b3f)	Nessus	FreeBSD Local Security Checks	10/9/2020	8/10/2021	medium
137334	RHEL 8 : Red Hat JBoss Enterprise Application Platform 7.3.1 Security update (Important) (RHSA-2020:2513)	Nessus	Red Hat Local Security Checks	6/11/2020	4/28/2024	critical
174464	Oracle WebLogic Server (Apr 2023 CPU)	Nessus	Misc.	4/19/2023	12/12/2023	high
132961	Oracle WebLogic Server Multiple Vulnerabilities (Jan 2020 CPU)	Nessus	Misc.	1/16/2020	11/16/2023	critical

Detections

Analytics

Plugins Search

critical

critical

high

critical

critical

critical

medium

critical

high

critical