Attack vector
NETWORK Attack complexity
LOW Privileges required
LOW Confidentiality impact
LOW Integrity impact
LOW Availability impact
LOW network
low complexity
oracle
nessus
Published: 2019-01-16
Updated: 2019-10-03
Summary
Vulnerability in the Oracle Application Testing Suite component of Oracle Enterprise Manager Products Suite (subcomponent: Load Testing for Web Apps). Supported versions that are affected are 12.5.0.3, 13.1.0.1, 13.2.0.1 and 13.3.0.1. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Application Testing Suite. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Application Testing Suite accessible data as well as unauthorized read access to a subset of Oracle Application Testing Suite accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Application Testing Suite. CVSS 3.0 Base Score 6.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L).
Vulnerable Configurations
| Part | Description | Count |
| Application | Oracle | 4 |
Nessus
| NASL family | Misc. |
| NASL id | ORACLE_OATS_CPU_JAN_2019.NASL |
| description | The version of Oracle Application Testing Suite installed on the remote host is affected by multiple vulnerabilities : - Enterprise Manager Base Platform Agent Next Gen (Jython) component of Oracle Enterprise Manager Products Suite is easily exploited and can allow an unauthenticated attacker the ability to takeover the Enterprise Manager Base Platform. (CVE-2016-4000) - Enterprise Manager Base Platform Discovery Framework (OpenSSL) component of Oracle Enterprise Manager Products Suite is easily exploited and can allow an unauthenticated attacker the ability to cause a frequent crash (DoS) of the Enterprise Manager Base Platform. (CVE-2018-0732) - Enterprise Manager Ops Center Networking (OpenSSL) component of Oracle Enterprise Manager Products Suite is easily exploited and can allow an unauthenticated attacker the ability to cause a frequent crash (DoS) of the Enterprise Manager Ops Center Platform. (CVE-2018-0732) - Oracle Application Testing Suite Load Testing for Web Apps (Spring Framework) component of Oracle Enterprise Manager Products Suite is easily exploited and can allow an unauthenticated attacker the ability to takeover the Enterprise Manager Base Platform. (CVE-2018-1258) - Enterprise Manager Base Platform EM Console component is easily exploited by an unauthenticated attacker. Successful attacks can result in unauthorized update, insert, or delete access. (CVE-2018-3303) - Oracle Application Testing Suite Load Testing for Web Apps component is easily exploited by an unauthenticated attacker. Successful attacks can result in unauthorized update, insert, or delete access and a partial denial of service. (CVE-2018-3304) - Oracle Application Testing Suite Load Testing for Web Apps component is easily exploited by an unauthenticated attacker. Successful attacks can result in unauthorized update, insert, or delete access and a partial denial of service. (CVE-2018-3305) - Enterprise Manager for Virtualization Plug-In Lifecycle (jackson-databind) component of Oracle Enterprise Manager allows an unauthenticated attacker the ability to takeover Enterprise Manager for Virtualization. (CVE-2018-12023) - Enterprise Manager for Virtualization Plug-In Lifecycle (jackson-databind) component of Oracle Enterprise Manager allows an unauthenticated attacker the ability to takeover Enterprise Manager for Virtualization. (CVE-2018-14718) - Enterprise Manager Ops Center Networking (cURL) component of Oracle Enterprise Manager allows an unauthenticated attacker the ability to takeover Enterprise Manager Ops Center. (CVE-2018-1000300) |
| last seen | 2020-06-01 |
| modified | 2020-06-02 |
| plugin id | 121257 |
| published | 2019-01-21 |
| reporter | This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof. |
| source | https://www.tenable.com/plugins/nessus/121257 |
| title | Oracle Application Testing Suite Multiple Vulnerabilities (Jan 2019 CPU) |