Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2023-2024 and is owned by Tenable, Inc. or an Affiliate thereof.ORACLE_RDBMS_CPU_OCT_2023.NASL
HistoryOct 20, 2023 - 12:00 a.m.

Oracle Database Server (October 2023 CPU)

2023-10-2000:00:00
This script is Copyright (C) 2023-2024 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
74
oracle database server
remote host
vulnerabilities
oracle spatial and graph
oml4py
pl/sql
cve-2023-38039
cve-2022-23491
cve-2023-22071
security-in-depth.

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

7.5 High

AI Score

Confidence

Low

0.009 Low

EPSS

Percentile

83.1%

JSON

The versions of Oracle Database Server installed on the remote host are affected by multiple vulnerabilities as referenced in the October 2023 CPU advisory.

  • Vulnerability in the Oracle Spatial and Graph (cURL) component of Oracle Database Server. Supported versions that are affected are 19.3-19.20 and 21.3-21.11. Easily exploitable vulnerability allows low privileged attacker having Authenticated User privilege with network access via HTTP to compromise Oracle Spatial and Graph (cURL). Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Spatial and Graph (cURL).
    (CVE-2023-38039)

  • Vulnerability in the OML4Py (cryptography) component of Oracle Database Server. Supported versions that are affected are 21.3-21.11. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise OML4Py (cryptography). Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all OML4Py (cryptography) accessible data. (CVE-2022-23491)

  • Vulnerability in the PL/SQL component of Oracle Database Server. Supported versions that are affected are 19.3-19.20 and 21.3-21.11. Easily exploitable vulnerability allows high privileged attacker having Create Session, Execute on sys.utl_http privilege with network access via Oracle Net to compromise PL/SQL.
    Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in PL/SQL, attacks may significantly impact additional products (scope change).
    Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of PL/SQL accessible data as well as unauthorized read access to a subset of PL/SQL accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of PL/SQL. (CVE-2023-22071)

  • Security-in-depth update for non-exploitable vulnerabilities CVE-2020-25649, CVE-2020-36518, CVE-2021-34031, CVE-2022-4899, CVE-2022-42003, CVE-2022-42004, CVE-2022-46908, CVE-2023-2976 and CVE-2023-35887.

Note that Nessus has not tested for these issues but has instead relied only on the application’s self-reported version number.

#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
##

include('compat.inc');

if (description)
{
  script_id(183503);
  script_version("1.3");
  script_set_attribute(attribute:"plugin_modification_date", value:"2024/01/18");

  script_cve_id(
    "CVE-2021-24031",
    "CVE-2022-23491",
    "CVE-2022-40896",
    "CVE-2022-40897",
    "CVE-2022-42004",
    "CVE-2022-44729",
    "CVE-2022-46908",
    "CVE-2023-2976",
    "CVE-2023-22071",
    "CVE-2023-22073",
    "CVE-2023-22074",
    "CVE-2023-22075",
    "CVE-2023-22077",
    "CVE-2023-22096",
    "CVE-2023-28320",
    "CVE-2023-28321",
    "CVE-2023-28322",
    "CVE-2023-35116",
    "CVE-2023-35887",
    "CVE-2023-38039",
    "CVE-2023-38325"
  );
  script_xref(name:"IAVA", value:"2023-A-0556");
  script_xref(name:"IAVA", value:"2023-A-0558");
  script_xref(name:"IAVA", value:"2023-A-0559");
  script_xref(name:"IAVA", value:"2023-A-0562");
  script_xref(name:"IAVA", value:"2023-A-0554-S");

  script_name(english:"Oracle Database Server (October 2023 CPU)");

  script_set_attribute(attribute:"synopsis", value:
"The remote host is affected by multiple vulnerabilities");
  script_set_attribute(attribute:"description", value:
"The versions of Oracle Database Server installed on the remote host are affected by multiple vulnerabilities as
referenced in the October 2023 CPU advisory.

  - Vulnerability in the Oracle Spatial and Graph (cURL) component of Oracle Database Server. Supported
    versions that are affected are 19.3-19.20 and 21.3-21.11. Easily exploitable vulnerability allows low
    privileged attacker having Authenticated User privilege with network access via HTTP to compromise Oracle
    Spatial and Graph (cURL). Successful attacks of this vulnerability can result in unauthorized ability to
    cause a hang or frequently repeatable crash (complete DOS) of Oracle Spatial and Graph (cURL).
    (CVE-2023-38039)

  - Vulnerability in the OML4Py (cryptography) component of Oracle Database Server. Supported versions that
    are affected are 21.3-21.11. Difficult to exploit vulnerability allows unauthenticated attacker with
    network access via HTTP to compromise OML4Py (cryptography). Successful attacks of this vulnerability can
    result in unauthorized creation, deletion or modification access to critical data or all
    OML4Py (cryptography) accessible data. (CVE-2022-23491)

  - Vulnerability in the PL/SQL component of Oracle Database Server. Supported versions that are affected are
    19.3-19.20 and 21.3-21.11. Easily exploitable vulnerability allows high privileged attacker having Create
    Session, Execute on sys.utl_http privilege with network access via Oracle Net to compromise PL/SQL.
    Successful attacks require human interaction from a person other than the attacker and while the
    vulnerability is in PL/SQL, attacks may significantly impact additional products (scope change).
    Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to
    some of PL/SQL accessible data as well as unauthorized read access to a subset of PL/SQL accessible data
    and unauthorized ability to cause a partial denial of service (partial DOS) of PL/SQL. (CVE-2023-22071)

  - Security-in-depth update for non-exploitable vulnerabilities CVE-2020-25649, CVE-2020-36518, CVE-2021-34031,
    CVE-2022-4899, CVE-2022-42003, CVE-2022-42004, CVE-2022-46908, CVE-2023-2976 and CVE-2023-35887.


Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version
number.");
  script_set_attribute(attribute:"see_also", value:"https://www.oracle.com/docs/tech/security-alerts/cpuoct2023cvrf.xml");
  script_set_attribute(attribute:"see_also", value:"https://www.oracle.com/security-alerts/cpuoct2023.html");
  script_set_attribute(attribute:"solution", value:
"Apply the appropriate patch according to the October 2023 Oracle Critical Patch Update advisory.");
  script_set_attribute(attribute:"agent", value:"all");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:S/C:N/I:N/A:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H");
  script_set_attribute(attribute:"cvss_score_source", value:"manual");
  script_set_attribute(attribute:"cvss_score_rationale", value:"CVSS vector from vendor advisory");

  script_set_attribute(attribute:"vuln_publication_date", value:"2023/10/17");
  script_set_attribute(attribute:"patch_publication_date", value:"2023/10/17");
  script_set_attribute(attribute:"plugin_publication_date", value:"2023/10/20");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:oracle:database_server");
  script_set_attribute(attribute:"stig_severity", value:"I");
  script_set_attribute(attribute:"thorough_tests", value:"true");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Databases");

  script_copyright(english:"This script is Copyright (C) 2023-2024 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("oracle_rdbms_query_patch_info.nbin", "oracle_rdbms_patch_info.nbin");

  exit(0);
}

include('vcf.inc');
include('vcf_extras_oracle.inc');

var app_info = vcf::oracle_rdbms::get_app_info();

var constraints = [
  # RDBMS:
  {'min_version': '21.0', 'fixed_version': '21.12.0.0.231017', 'missing_patch':'35681617', 'os':'win', 'component':'db'},
  {'min_version': '21.0', 'fixed_version': '21.12.0.0.231017', 'missing_patch':'35740258', 'os':'unix', 'component':'db'},

  {'min_version': '19.0', 'fixed_version': '19.21.0.0.231017', 'missing_patch':'35681522', 'os':'win', 'component':'db'},
  {'min_version': '19.0', 'fixed_version': '19.21.0.0.231017', 'missing_patch':'35643107', 'os':'unix', 'component':'db'},

  # OJVM:
  {'min_version': '19.0',  'fixed_version': '19.21.0.0.231017', 'missing_patch':'35648110', 'os':'win', 'component':'ojvm'},
  {'min_version': '19.0',  'fixed_version': '19.21.0.0.231017', 'missing_patch':'35648110', 'os':'unix', 'component':'ojvm'}

];

vcf::oracle_rdbms::check_version_and_report(
    app_info:app_info,
    constraints:constraints,
    severity:SECURITY_WARNING
);
VendorProductVersionCPE
oracledatabase_servercpe:/a:oracle:database_server

References

Related

ibm 47
openvas 29
mageia 3
nessus 42
debian 2
osv 13
slackware 1
freebsd 1
redos 1
gentoo 1
redhat 3
fedora 4
oraclelinux 1
almalinux 1
suse 1
nvd 8
cloudfoundry 2
ubuntu 3
prion 9
cve 8
packetstorm 1
cvelist 6
atlassian 1
redhatcve 2
debiancve 2
ubuntucve 2
alpinelinux 2
veracode 1
github 1
cbl_mariner 1
ibm
ibm
Security Bulletin: FasterXML Jackson Databind used by CICS Transaction Gateway is vulnerable to a denial of service and could provide weaker than expected security
2022-12-08 10:43:01
Security Bulletin: Multiple vulnerabilities fixed in IBM Security Verify Governance - Identity Manager software component
2024-01-05 06:00:03
Security Bulletin: Multiple vulnerabilities has been identified in FasterXML jackson-databind affect IBM Engineering Lifecycle Optimization - Publishing
2023-10-04 07:59:53
openvas
openvas
Debian: Security Advisory (DSA-5283-1)
2022-11-18 00:00:00
Mageia: Security Advisory (MGASA-2024-0069)
2024-03-18 00:00:00
Debian: Security Advisory (DLA-3207-1)
2022-11-28 00:00:00
mageia
mageia
Updated jackson-databind packages fix security vulnerabilities
2024-03-16 19:28:17
Updated python-pygments packages fix security vulnerability
2024-04-04 23:26:59
Updated zstd packages fix a security vulnerability
2021-07-09 03:27:08
nessus
nessus
Debian DSA-5283-1 : jackson-databind - security update
2022-11-18 00:00:00
Debian DLA-3207-1 : jackson-databind - LTS security update
2022-11-27 00:00:00
SUSE SLES12 Security Update : curl (SUSE-SU-2023:2230-1)
2023-05-18 00:00:00
debian
debian
[SECURITY] [DSA 5283-1] jackson-databind security update
2022-11-17 11:17:07
[SECURITY] [DLA 3207-1] jackson-databind security update
2022-11-27 18:53:52
osv
osv
jackson-databind - security update
2022-11-27 00:00:00
jackson-databind - security update
2022-11-17 00:00:00
Moderate: curl security update
2023-08-01 00:00:00
slackware
slackware
[slackware-security] curl
2023-05-17 21:00:11
freebsd
freebsd
curl -- multiple vulnerabilities
2023-03-21 00:00:00
redos
redos
ROS-20230621-04
2023-06-21 00:00:00
gentoo
gentoo
FasterXML jackson-databind: Multiple vulnerabilities
2022-10-31 00:00:00
redhat
redhat
(RHSA-2023:5598) Moderate: curl security update
2023-10-10 14:20:03
(RHSA-2023:4354) Moderate: curl security update
2023-08-01 07:58:15
(RHSA-2022:9032) Important: Red Hat build of Eclipse Vert.x 4.3.4 security update
2022-12-15 12:38:08
fedora
fedora
[SECURITY] Fedora 37 Update: curl-7.85.0-9.fc37
2023-06-08 02:00:39
[SECURITY] Fedora 38 Update: curl-8.0.1-2.fc38
2023-06-07 02:15:37
[SECURITY] Fedora 38 Update: mingw-python-pygments-2.15.1-1.fc38
2024-02-05 01:47:07
oraclelinux
oraclelinux
curl security update
2023-08-02 00:00:00
almalinux
almalinux
Moderate: curl security update
2023-08-01 00:00:00
suse
suse
Security update for jackson-databind, jackson-dataformats-binary, jackson-annotations, jackson-bom, jackson-core (important)
2022-05-16 00:00:00
nvd
nvd
CVE-2023-22074
2023-10-17 22:15:13
CVE-2023-22071
2023-10-17 22:15:12
CVE-2023-22073
2023-10-17 22:15:12
cloudfoundry
cloudfoundry
USN-6237-1: curl vulnerabilities | Cloud Foundry
2024-03-18 00:00:00
USN-6237-2: curl regression | Cloud Foundry
2023-08-10 00:00:00
ubuntu
ubuntu
curl vulnerabilities
2023-09-11 00:00:00
curl vulnerabilities
2023-07-19 00:00:00
curl regression
2023-07-19 00:00:00
prion
prion
Buffer overflow
2023-10-17 22:15:00
Code injection
2023-10-17 22:15:00
Buffer overflow
2023-10-17 22:15:00
cve
cve
CVE-2023-22077
2023-10-17 22:15:13
CVE-2023-22071
2023-10-17 22:15:12
CVE-2023-22075
2023-10-17 22:15:13
packetstorm
packetstorm
Oracle 19c / 21c Sharding Component Password Hash Exposure
2023-10-26 00:00:00
cvelist
cvelist
CVE-2023-22073
2023-10-17 21:02:52
CVE-2023-22071
2023-10-17 21:02:52
CVE-2023-22096
2023-10-17 21:03:03
atlassian
atlassian
SSRF org.apache.xmlgraphics:batik-bridge Dependency in Jira Service Management Data Center and Server
2023-12-13 07:45:23
redhatcve
redhatcve
CVE-2022-40896
2023-11-27 11:58:15
CVE-2021-24031
2021-03-03 21:40:06
debiancve
debiancve
CVE-2022-40896
2023-07-19 15:15:10
CVE-2021-24031
2021-03-04 21:15:12
ubuntucve
ubuntucve
CVE-2021-24031
2021-02-10 00:00:00
CVE-2022-40896
2023-07-19 00:00:00
alpinelinux
alpinelinux
CVE-2021-24031
2021-03-04 21:15:12
CVE-2022-46908
2022-12-12 06:15:00
veracode
veracode
Regular Expression Denial Of Service (ReDoS)
2023-07-21 15:32:33
github
github
Pygments vulnerable to ReDoS
2023-07-19 15:30:26
cbl_mariner
cbl_mariner
CVE-2022-46908 affecting package sqlite for versions less than 3.39.2-2
2022-12-19 20:12:39

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

7.5 High

AI Score

Confidence

Low

0.009 Low

EPSS

Percentile

83.1%

JSON
Related for ORACLE_RDBMS_CPU_OCT_2023.NASL
ibm47openvas29mageia3nessus42debian2osv13slackware1freebsd1redos1gentoo1redhat3fedora4oraclelinux1almalinux1suse1nvd8cloudfoundry2ubuntu3prion9cve8packetstorm1cvelist6atlassian1redhatcve2debiancve2ubuntucve2alpinelinux2veracode1github1cbl_mariner1