Prior to Apache Commons Net 3.9.0, Net's FTP client trusts the host from PASV response by default. A malicious server can redirect the Commons Net code to use a different host, but the user has to connect to the malicious server in the first place. This may lead to leakage of information about services running on the private network of the client. The default in version 3.9.0 is now false to ignore such hosts, as cURL does. See https://issues.apache.org/jira/browse/NET-711.

The 13.5.0.0 versions of Enterprise Manager Base Platform installed on the remote host are affected by multiple vulnerabilities as referenced in the July 2024 CPU advisory.

  - Vulnerability in the Oracle Enterprise Manager Base Platform product of Oracle Enterprise Manager     (component: Install (Apache Commons Net)). The supported version that is affected is 13.5.0.0. Easily     exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise     Oracle Enterprise Manager Base Platform. Successful attacks require human interaction from a person other     than the attacker. Successful attacks of this vulnerability can result in unauthorized access to critical     data or complete access to all Oracle Enterprise Manager Base Platform accessible data. (CVE-2021-37533)

  - Vulnerability in the Oracle Enterprise Manager Base Platform product of Oracle Enterprise Manager     (component: Install (json-smart)). The supported version that is affected is 13.5.0.0. Easily exploitable     vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Enterprise     Manager Base Platform. Successful attacks of this vulnerability can result in unauthorized ability to     cause a hang or frequently repeatable crash (complete DOS) of Oracle Enterprise Manager Base Platform.     (CVE-2023-1370)

  - Vulnerability in the Oracle Application Testing Suite product of Oracle Enterprise Manager (component:     Install (Apache Mina SSHD)). The supported version that is affected is 13.3.0.1. Difficult to exploit     vulnerability allows unauthenticated attacker with network access via SSH to compromise Oracle     Application Testing Suite. Successful attacks of this vulnerability can result in unauthorized creation,     deletion or modification access to critical data or all Oracle Application Testing Suite accessible data.     (CVE-2023-48795)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 9 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched.

  - apache-commons-net: FTP client trusts the host from PASV response by default (CVE-2021-37533)

  - Those using Snakeyaml to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS).
    If the parser is running on user supplied input, an attacker may supply content that causes the parser to     crash by stack overflow. This effect may support a denial of service attack. (CVE-2022-41854)

  - An infinite recursion is triggered in Jettison when constructing a JSONArray from a Collection that     contains a self-reference in one of its elements. This leads to a StackOverflowError exception being     thrown. (CVE-2023-1436)

Note that Nessus has not tested for these issues but has instead relied on the package manager's report that the package is installed.

The remote Redhat Enterprise Linux 7 host has one or more packages installed that are affected by a vulnerability that has been acknowledged by the vendor but will not be patched.

  - apache-commons-net: FTP client trusts the host from PASV response by default (CVE-2021-37533)

Note that Nessus has not tested for this issue but has instead relied on the package manager's report that the package is installed.

The remote Redhat Enterprise Linux 8 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched.

  - apache-commons-net: FTP client trusts the host from PASV response by default (CVE-2021-37533)

  - Those using Snakeyaml to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS).
    If the parser is running on user supplied input, an attacker may supply content that causes the parser to     crash by stack overflow. This effect may support a denial of service attack. (CVE-2022-41854)

  - An infinite recursion is triggered in Jettison when constructing a JSONArray from a Collection that     contains a self-reference in one of its elements. This leads to a StackOverflowError exception being     thrown. (CVE-2023-1436)

Note that Nessus has not tested for these issues but has instead relied on the package manager's report that the package is installed.

The version of IBM Engineering Requirements Management DOORS (formerly IBM Rational DOORS) installed on the remote host is 9.7.2.x prior to 9.7.2.8. It is, therefore, affected by multiple vulnerabilities as referenced in the 7124058 advisory.

  - Apache Shiro before 1.9.1, A RegexRequestMatcher can be misconfigured to be bypassed on some servlet     containers. Applications using RegExPatternMatcher with `.` in the regular expression are possibly     vulnerable to an authorization bypass. (CVE-2022-32532)

  - The Java OpenWire protocol marshaller is vulnerable to Remote Code Execution. This vulnerability may allow     a remote attacker with network access to either a Java-based OpenWire broker or client to run arbitrary     shell commands by manipulating serialized class types in the OpenWire protocol to cause either the client     or the broker (respectively) to instantiate any class on the classpath. Users are recommended to upgrade     both brokers and clients to version 5.15.16, 5.16.7, 5.17.6, or 5.18.3 which fixes this issue.
    (CVE-2023-46604)

  - Scala 2.13.x before 2.13.9 has a Java deserialization chain in its JAR file. On its own, it cannot be     exploited. There is only a risk in conjunction with Java object deserialization within an application. In     such situations, it allows attackers to erase contents of arbitrary files, make network connections, or     possibly run arbitrary code (specifically, Function0 functions) via a gadget chain. (CVE-2022-36944)

  - IBM Engineering Requirements Management DOORS 9.7.2.7 is vulnerable to cross-site request forgery which     could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the     website trusts. IBM X-Force ID: 251216. (CVE-2023-28949)

  - A cross-site scripting (XSS) vulnerability in the HTML Data Processor for CKEditor 4.0 before 4.14 allows     remote attackers to inject arbitrary web script through a crafted protected comment (with the     cke_protected syntax). (CVE-2020-9281)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The version of Oracle Business Intelligence Enterprise Edition (OAS) 6.4.0.0.0 and 7.0.0.0 installed on the remote host are affected by a vulnerability as referenced in the July 2023 CPU advisory. 

  - Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Analytics     (component: Analytics Server (Apache Hive)). Supported versions that are affected are 6.4.0.0.0,     7.0.0.0.0 and 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network     access via HTTP to compromise Oracle Business Intelligence Enterprise Edition. Successful attacks of     this vulnerability can result in unauthorized creation, deletion or modification access to critical data     or all Oracle Business Intelligence Enterprise Edition accessible data as well as unauthorized access to     critical data or complete access to all Oracle Business Intelligence Enterprise Edition accessible data.
    (CVE-2018-1282)

  - Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Analytics     (component: Visual Analyzer (jackson-databind)). Supported versions that are affected are 6.4.0.0.0 and     7.0.0.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP     to compromise Oracle Business Intelligence Enterprise Edition. Successful attacks of this vulnerability     can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of     Oracle Business Intelligence Enterprise Edition. (CVE-2022-33980)

  - Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Analytics     (component: Visual Analyzer (CKEditor)). Supported versions that are affected are 6.4.0.0.0 and     7.0.0.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP     to compromise Oracle Business Intelligence Enterprise Edition. Successful attacks require human     interaction from a person other than the attacker and while the vulnerability is in Oracle Business     Intelligence Enterprise Edition, attacks may significantly impact additional products (scope change).     Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to     some of Oracle Business Intelligence Enterprise Edition accessible data as well as unauthorized read     access to a subset of Oracle Business Intelligence Enterprise Edition accessible data. (CVE-2023-28439)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The versions of Primavera Gateway installed on the remote host are affected by multiple vulnerabilities as referenced in the July 2023 CPU advisory.

  - Vulnerability in the Primavera Gateway product of Oracle Construction and Engineering (component: Admin     (Apache Commons Net)). Supported versions that are affected are 18.8.0-18.8.15, 19.12.0-19.12.16,     20.12.0-20.12.11 and 21.12.0-21.12.9. Easily exploitable vulnerability allows unauthenticated attacker     with network access via HTTP to compromise Primavera Gateway. Successful attacks require human interaction     from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized     access to critical data or complete access to all Primavera Gateway accessible data. (CVE-2021-37533)

  - Vulnerability in the Primavera Gateway product of Oracle Construction and Engineering (component: Admin     (JSZip)). Supported versions that are affected are 18.8.0-18.8.15, 19.12.0-19.12.16, 20.12.0-20.12.11 and     21.12.0-21.12.9. Easily exploitable vulnerability allows unauthenticated attacker with network access via     HTTP to compromise Primavera Gateway. Successful attacks of this vulnerability can result in unauthorized     update, insert or delete access to some of Primavera Gateway accessible data as well as unauthorized read     access to a subset of Primavera Gateway accessible data and unauthorized ability to cause a partial denial     of service (partial DOS) of Primavera Gateway. (CVE-2022-48285)

  - Vulnerability in the Primavera Gateway product of Oracle Construction and Engineering (component: Admin     (json-smart)). Supported versions that are affected are 18.8.0-18.8.15, 19.12.0-19.12.16, 20.12.0-20.12.11     and 21.12.0-21.12.9. Easily exploitable vulnerability allows unauthenticated attacker with network access     via HTTP to compromise Primavera Gateway. Successful attacks of this vulnerability can result in     unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Primavera Gateway.
    (CVE-2023-1370)

  - Vulnerability in the Primavera Gateway product of Oracle Construction and Engineering (component: Admin     (Spring Framework)). Supported versions that are affected are 18.8.0-18.8.15, 19.12.0-19.12.16,     20.12.0-20.12.11 and 21.12.0-21.12.9. Easily exploitable vulnerability allows low privileged attacker with     network access via HTTP to compromise Primavera Gateway. Successful attacks of this vulnerability can     result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Primavera     Gateway. (CVE-2023-20863)


Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Ubuntu 16.04 ESM / 18.04 LTS / 20.04 LTS / 22.04 LTS host has a package installed that is affected by a vulnerability as referenced in the USN-6037-1 advisory.

    ZeddYu Lu discovered that the FTP client from Apache Commons Net trusted the host from PASV responses by     default. A remote attacker with a malicious FTP server could redirect the client to another server, which     could possibly result in leaked information about services running on the private network of the client.

Tenable has extracted the preceding description block directly from the Ubuntu security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Debian 10 host has packages installed that are affected by a vulnerability as referenced in the dla-3251 advisory.

  - Prior to Apache Commons Net 3.9.0, Net's FTP client trusts the host from PASV response by default. A     malicious server can redirect the Commons Net code to use a different host, but the user has to connect to     the malicious server in the first place. This may lead to leakage of information about services running on     the private network of the client. The default in version 3.9.0 is now false to ignore such hosts, as cURL     does. See https://issues.apache.org/jira/browse/NET-711. (CVE-2021-37533)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Debian 11 host has packages installed that are affected by a vulnerability as referenced in the dsa-5307 advisory.

  - Prior to Apache Commons Net 3.9.0, Net's FTP client trusts the host from PASV response by default. A     malicious server can redirect the Commons Net code to use a different host, but the user has to connect to     the malicious server in the first place. This may lead to leakage of information about services running on     the private network of the client. The default in version 3.9.0 is now false to ignore such hosts, as cURL     does. See https://issues.apache.org/jira/browse/NET-711. (CVE-2021-37533)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

ID	Name	Product	Family	Severity
202596	Oracle Enterprise Manager Cloud Control (Jul 2024 CPU)	Nessus	Misc.	medium
202489	RHEL 9 : log4j (Unpatched Vulnerability)	Nessus	Red Hat Local Security Checks	medium
202486	RHEL 7 : log4j (Unpatched Vulnerability)	Nessus	Red Hat Local Security Checks	medium
199085	RHEL 8 : log4j (Unpatched Vulnerability)	Nessus	Red Hat Local Security Checks	medium
191754	IBM Engineering Requirements Management DOORS 9.7.2.x < 9.7.2.8 Multiple Vulnerabilities (7124058)	Nessus	Windows	critical
178710	Oracle Business Intelligence Enterprise Edition (OAS) (July 2023 CPU)	Nessus	Misc.	critical
178484	Oracle Primavera Gateway (Jul 2023 CPU)	Nessus	CGI abuses	high
174751	Ubuntu 16.04 ESM / 18.04 LTS / 20.04 LTS / 22.04 LTS : Apache Commons Net vulnerability (USN-6037-1)	Nessus	Ubuntu Local Security Checks	medium
169424	Debian DLA-3251-1 : libcommons-net-java - LTS security update	Nessus	Debian Local Security Checks	medium
169419	Debian DSA-5307-1 : libcommons-net-java - security update	Nessus	Debian Local Security Checks	medium

Detections

Analytics

CVE-2021-37533

medium

Tenable Plugins

medium

medium

medium

medium

critical

critical

high

medium

medium

medium