CKEditor4 is an open source WYSIWYG HTML editor. In affected version a vulnerability has been discovered in the core HTML processing module and may affect all plugins used by CKEditor 4. The vulnerability allowed to inject malformed comments HTML bypassing content sanitization, which could result in executing JavaScript code. It affects all users using the CKEditor 4 at version < 4.17.0. The problem has been recognized and patched. The fix will be available in version 4.17.0.

The version of IBM Engineering Requirements Management DOORS (formerly IBM Rational DOORS) installed on the remote host is 9.7.2.x prior to 9.7.2.8. It is, therefore, affected by multiple vulnerabilities as referenced in the 7124058 advisory.

  - Apache Shiro before 1.9.1, A RegexRequestMatcher can be misconfigured to be bypassed on some servlet     containers. Applications using RegExPatternMatcher with `.` in the regular expression are possibly     vulnerable to an authorization bypass. (CVE-2022-32532)

  - The Java OpenWire protocol marshaller is vulnerable to Remote Code Execution. This vulnerability may allow     a remote attacker with network access to either a Java-based OpenWire broker or client to run arbitrary     shell commands by manipulating serialized class types in the OpenWire protocol to cause either the client     or the broker (respectively) to instantiate any class on the classpath. Users are recommended to upgrade     both brokers and clients to version 5.15.16, 5.16.7, 5.17.6, or 5.18.3 which fixes this issue.
    (CVE-2023-46604)

  - Scala 2.13.x before 2.13.9 has a Java deserialization chain in its JAR file. On its own, it cannot be     exploited. There is only a risk in conjunction with Java object deserialization within an application. In     such situations, it allows attackers to erase contents of arbitrary files, make network connections, or     possibly run arbitrary code (specifically, Function0 functions) via a gadget chain. (CVE-2022-36944)

  - IBM Engineering Requirements Management DOORS 9.7.2.7 is vulnerable to cross-site request forgery which     could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the     website trusts. IBM X-Force ID: 251216. (CVE-2023-28949)

  - A cross-site scripting (XSS) vulnerability in the HTML Data Processor for CKEditor 4.0 before 4.14 allows     remote attackers to inject arbitrary web script through a crafted protected comment (with the     cke_protected syntax). (CVE-2020-9281)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The versions of Oracle Database Server installed on the remote host are affected by multiple vulnerabilities as referenced in the April 2022 CPU advisory.

  - Vulnerability in the Oracle Database - Enterprise Edition Sharding component of Oracle Database Server.
    The supported version that is affected is 19c. Easily exploitable vulnerability allows high privileged     attacker having Create Any Procedure privilege with network access via Oracle Net to compromise Oracle     Database - Enterprise Edition Sharding. Successful attacks of this vulnerability can result in takeover of     Oracle Database - Enterprise Edition Sharding. (CVE-2022-21410)

  - Vulnerability in the Java VM component of Oracle Database Server. Supported versions that are affected are     12.1.0.2, 19c and 21c. Easily exploitable vulnerability allows low privileged attacker having Create     Procedure privilege with network access via multiple protocols to compromise Java VM. Successful attacks     of this vulnerability can result in unauthorized creation, deletion or modification access to critical     data or all Java VM accessible data. (CVE-2022-21498)

  - Vulnerability in the RDBMS Gateway / Generic ODBC Connectivity component of Oracle Database Server.
    Supported versions that are affected are 12.1.0.2, 19c and 21c. Easily exploitable vulnerability allows     low privileged attacker having Create Session privilege with network access via Oracle Net to compromise     RDBMS Gateway / Generic ODBC Connectivity. Successful attacks of this vulnerability can result in     unauthorized update, insert or delete access to some of RDBMS Gateway / Generic ODBC Connectivity     accessible data as well as unauthorized read access to a subset of RDBMS Gateway / Generic ODBC     Connectivity accessible data. (CVE-2022-21411)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The version of Oracle WebCenter Portal installed on the remote host is missing a security patch from the April 2022 Critical Patch Update (CPU). It is, therefore, affected by multiple vulnerabilities:

  - An XML external entity vulnerability in the bundled jackson-databind component which allows an unauthenticated     attacker with network access via HTTP to access, create or delete all data accessible to Oracle WebCenter     Portal. (CVE-2020-25649)

  - Denial of service vulnerabilities in the bundled Apache Tika, jsoup, Netty and Apache Commons Compress components which     allow an unauthenticated attacker with network access via HTTP to cause a hang or frequently repeatable crash     of the Oracle WebCenter Portal. (CVE-2020-28657, CVE-2021-36090, CVE-2021-37137, CVE-2021-37714)

  - A path traversal vulnerability in the bundled Apache Commons IO component which allows an unauthenticated attacker     with network access via HTTP to read, update or delete a subset of data accessible to Oracle WebCenter Portal.
    (CVE-2021-29425)

  - A Denial of service vulnerability in the bundled Apache PDFBox component which allows an unauthenticated attacker     with logon to the infrastructure where Oracle WebCenter Portal executes, with human interaction from another user     to cause a hang or frequently repeatable crash of the Oracle WebCenter Portal. (CVE-2021-31912)

  - A cross-site scripting vulnerability in the bundled CKEditor component which allows a low privileged attacker     with network access via HTTP, with human interaction from another user, to read, update or delete a subset of     data accessible to Oracle WebCenter Portal. (CVE-2021-41165)

  - A remote code execution vulnerability in the bundled Apache Log4J component which allows a high privileged     attacker with network access via HTTP to execute arbitrary code on the Oracle WebCenter Portal. (CVE-2021-44832)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

According to its self-reported version, the instance of Drupal running on the remote web server is 8.9.x prior to 8.9.20, 9.1.x prior to 9.1.14, or 9.2.x prior to 9.2.9. It is, therefore, affected by multiple cross-site scripting vulnerabilities due to its usage of a third party component, CKEditor, for WYSIWYG editing:

 - A Cross-Site Scripting (XSS) was discovered in the core HTML processing module and may affect all plugins used by CKEditor 4. (CVE-2021-41165)

 - A Cross-Site Scripting (XSS) was discovered in the Advanced Content Filter (ACF) module and may affect all plugins used by CKEditor 4. (CVE-2021-41164)

Note that the scanner has not tested for these issues but has instead relied only on the application's self-reported version number.

According to its self-reported version, the instance of Drupal running on the remote web server is 8.9.x prior to 8.9.20, 9.1.x prior to 9.1.14, or 9.2.x prior to 9.2.9. It is, therefore, affected by multiple vulnerabilities.

  - CKEditor4 is an open source WYSIWYG HTML editor. In affected versions a vulnerability has been discovered     in the Advanced Content Filter (ACF) module and may affect all plugins used by CKEditor 4. The     vulnerability allowed to inject malformed HTML bypassing content sanitization, which could result in     executing JavaScript code. It affects all users using the CKEditor 4 at version < 4.17.0. The problem has     been recognized and patched. The fix will be available in version 4.17.0. (CVE-2021-41164)

  - CKEditor4 is an open source WYSIWYG HTML editor. In affected version a vulnerability has been discovered     in the core HTML processing module and may affect all plugins used by CKEditor 4. The vulnerability     allowed to inject malformed comments HTML bypassing content sanitization, which could result in executing     JavaScript code. It affects all users using the CKEditor 4 at version < 4.17.0. The problem has been     recognized and patched. The fix will be available in version 4.17.0. (CVE-2021-41165)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

ID	Name	Product	Family	Severity
211412	Fedora 37 : ckeditor (2022-4c634ee466)	Nessus	Fedora Local Security Checks	medium
191754	IBM Engineering Requirements Management DOORS 9.7.2.x < 9.7.2.8 Multiple Vulnerabilities (7124058)	Nessus	Windows	critical
169023	Fedora 36 : ckeditor (2022-b61dfd219b)	Nessus	Fedora Local Security Checks	medium
160079	Oracle Database Server (Apr 2022 CPU)	Nessus	Databases	high
159954	Oracle WebCenter Portal Multiple Vulnerabilities (Apr 2022 CPU)	Nessus	Misc.	high
113066	Drupal 8.9.x < 8.9.20 Cross-Site Scripting	Web App Scanning	Component Vulnerability	medium
113065	Drupal 9.1.x < 9.1.14 Cross-Site Scripting	Web App Scanning	Component Vulnerability	medium
113064	Drupal 9.2.x < 9.2.9 Cross-Site Scripting	Web App Scanning	Component Vulnerability	medium
155559	Drupal 8.9.x < 8.9.20 / 9.1.x < 9.1.14 / 9.2.x < 9.2.9 Multiple Vulnerabilities (drupal-2021-11-17)	Nessus	CGI abuses	medium

Detections

Analytics

CVE-2021-41165

medium

Tenable Plugins

medium

critical

medium

high

high

medium

medium

medium

medium