Detections
Analytics
Oracle Database Management Plug-In Unix (October 2013 CPU) (credentialed check)
medium Nessus Plugin ID 70546
Language:
Synopsis
A database management application installed on the remote host is affected by multiple vulnerabilities.Description
The Oracle Database Management Plug-In installed on the remote host is missing the October 2013 Critical Patch Update (CPU). It is, therefore, affected by multiple vulnerabilities in the Enterprise Manager Base Platform component :- An unspecified flaw exists in the Schema Management subcomponent that allows an unauthenticated, remote attacker to impact integrity. (CVE-2013-3762)
- An unspecified flaw exists in the DB Performance Advisories/UIs subcomponent that allows an unauthenticated, remote attacker to impact integrity.
(CVE-2013-5766)
- Multiple unspecified flaws exist in the Storage Management subcomponent that allow an unauthenticated, remote attacker to impact integrity. (CVE-2013-5827, CVE-2013-5828)
Solution
Apply the appropriate patch according to the October 2013 Oracle Critical Patch Update advisory.See Also
Plugin Details
Severity: Medium
ID: 70546
File Name: oracle_db_mgmt_plugin_oct2013_cpu_nix.nasl
Version: 1.18
Type: local
Agent: windows, macosx, unix
Family: Misc.
Published: 10/22/2013
Updated: 11/27/2023
Supported Sensors: Nessus Agent, Nessus
Risk Information
VPR
Risk Factor: Low
Score: 2.5
CVSS v2
Risk Factor: Medium
Base Score: 4.3
Temporal Score: 3.2
Vector: CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N
CVSS Score Source: CVE-2013-5828
CVSS v3
Risk Factor: Medium
Base Score: 4.7
Temporal Score: 4.1
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N
Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C
Vulnerability Information
CPE: cpe:/a:oracle:enterprise_manager_plugin_for_database_control
Required KB Items: Host/local_checks_enabled
Exploit Ease: No known exploits are available
Patch Publication Date: 10/15/2013
Vulnerability Publication Date: 10/15/2013
Reference Information
CVE: CVE-2013-3762, CVE-2013-5766, CVE-2013-5827, CVE-2013-5828