Oracle Primavera Gateway Multiple Vulnerabilities (Oct 2019 CPU)

critical Nessus Plugin ID 130019

Synopsis

An application running on the remote web server is affected by multiple vulnerabilities.

Description

According to its self-reported version number, the Oracle Primavera Gateway installation running on the remote web server is 15.x prior to 15.2.17, 16.x prior to 16.2.10, 17.x prior to 17.12.5, or 18.x prior to 18.8.7. It is, therefore, affected by multiple vulnerabilities:

- An arbitrary file read vulnerability exists in the FasterXML jackson-databind component, which is version 2.x prior to 2.9.9. This vulnerability is due to missing com.mysql.cj.jdbc.admin.MiniAdmin validation. An unauthenticated, remote attacker can exploit this by hosting a crafted MySQL server reachable by the victim and sending a crated JSON message that allows them to read arbitrary files and disclose sensitive information. (CVE-2019-12086)

- Denial of service (DoS) vulnerabilities exist in the Apache POI component, which is prior to 3.1.7, due to a flaw when parsing crafted WMF, EMF, MSG, macros, DOC, PPT, and XLS. An unauthenticated, remote attacker can exploit this issue, via sending crafted input, to cause the application to stop responding.
(CVE-2017-12626)

- A remote code execution vulnerability exists in the FasterXML jackson-databind component, which is prior to 2.9.0.2, due to a flaw in how default typing is handled when ehcache is used because of net.sf.ehcache.transaction.manager.DefaultTransactionManagerLookup. An unauthenticated, remote attacker can exploit this to bypass authentication and execute arbitrary commands. (CVE-2019-14379)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Upgrade to Oracle Primavera Gateway version 15.2.17 / 16.2.10 / 17.12.5 / 18.8.7 or later.

See Also

http://www.nessus.org/u?f7302206

http://www.nessus.org/u?8f2e008f

Plugin Details

Severity: Critical

ID: 130019

File Name: oracle_primavera_gateway_cpu_oct_2019.nasl

Version: 1.5

Type: remote

Family: CGI abuses

Published: 10/18/2019

Updated: 4/17/2024

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 6.7

CVSS v2

Risk Factor: High

Base Score: 7.5

Temporal Score: 5.9

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

CVSS Score Source: CVE-2019-14379

CVSS v3

Risk Factor: Critical

Base Score: 9.8

Temporal Score: 8.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:P/RL:O/RC:C

Vulnerability Information

CPE: cpe:/a:oracle:primavera_gateway

Required KB Items: installed_sw/Oracle Primavera Gateway

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 10/15/2019

Vulnerability Publication Date: 1/29/2018

Reference Information

CVE: CVE-2017-12626, CVE-2019-12086, CVE-2019-14379

BID: 102879, 109227

IAVA: 2019-A-0380