CVE-2020-2739 - Unspecified vulnerability in Oracle WebCenter Sites 12.2.1.3.0

CVSS 7.4 - HIGH
Attack vector: NETWORK
Attack complexity: LOW
Privileges required: NONE
Confidentiality impact: HIGH
Integrity impact: NONE
Availability impact: NONE

Summary

Vulnerability in the Oracle WebCenter Sites product of Oracle Fusion Middleware (component: Advanced UI). The supported version that is affected is 12.2.1.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebCenter Sites. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle WebCenter Sites, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle WebCenter Sites accessible data. CVSS 3.0 Base Score 7.4 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N).

Vulnerable Configurations

Part         Description  Count
Application  Oracle       1

Nessus

NASL family: Windows
NASL id: ORACLE_WEBCENTER_SITES_APR_2020_CPU.NASL
description: Oracle WebCenter Sites component of Oracle Fusion Middleware is vulnerable to multiple vulnerabilities.
  - Component: Advanced UI (jQuery). The supported version that is affected is 12.2.1.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebCenter Sites. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle WebCenter Sites, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle WebCenter Sites accessible data as well as unauthorized read access to a subset of Oracle WebCenter Sites accessible data (CVE-2019-11358).
  - Component: Sites (jackson-databind). Supported versions that are affected are 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebCenter Sites. Successful attacks of this vulnerability can result in takeover of Oracle WebCenter Sites (CVE-2019-16943).
  - Component: Advanced UI. The supported version that is affected is 12.2.1.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebCenter Sites. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle WebCenter Sites, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle WebCenter Sites accessible data (CVE-2020-2739).
last seen: 2020-05-08
modified: 2020-04-16
plugin id: 135676
published: 2020-04-16
reporter: This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/135676
title: Oracle WebCenter Sites Multiple Vulnerabilities (April 2020 CPU)
code:
#
# (C) Tenable Network Security, Inc.
#

include('compat.inc');

if (description)
{
  script_id(135676);
  script_version("1.6");
  script_set_attribute(attribute:"plugin_modification_date", value:"2020/07/24");

  script_cve_id("CVE-2019-11358", "CVE-2019-16943", "CVE-2020-2739");
  script_xref(name:"IAVA", value:"2020-A-0153");

  script_name(english:"Oracle WebCenter Sites Multiple Vulnerabilities (April 2020 CPU)");

  script_set_attribute(attribute:"synopsis", value:
"An application running on the remote host is affected by multiple security vulnerabilities.");
  script_set_attribute(attribute:"description", value:
"Oracle WebCenter Sites component of Oracle Fusion Middleware is vulnerable to multiple vulnerabilities.

  - Component: Advanced UI (jQuery). The supported version that is affected is 12.2.1.3.0. 
  Easily exploitable vulnerability allows unauthenticated attacker with network access via 
  HTTP to compromise Oracle WebCenter Sites. Successful attacks require human interaction 
  from a person other than the attacker and while the vulnerability is in Oracle WebCenter 
  Sites, attacks may significantly impact additional products. Successful attacks of this 
  vulnerability can result in unauthorized update, insert or delete access to some of 
  Oracle WebCenter Sites accessible data as well as unauthorized read access to a subset 
  of Oracle WebCenter Sites accessible data (CVE-2019-11358).

  - Component: Sites (jackson-databind). Supported versions that are affected are 
  12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated 
  attacker with network access via HTTP to compromise Oracle WebCenter Sites. 
  Successful attacks of this vulnerability can result in takeover of Oracle WebCenter Sites
  (CVE-2019-16943).

  - Component: Advanced UI. The supported version that is affected is 12.2.1.3.0. 
  Easily exploitable vulnerability allows unauthenticated attacker with network access 
  via HTTP to compromise Oracle WebCenter Sites. Successful attacks require human interaction 
  from a person other than the attacker and while the vulnerability is in Oracle WebCenter Sites, 
  attacks may significantly impact additional products. Successful attacks of this vulnerability 
  can result in unauthorized access to critical data or complete access to all Oracle 
  WebCenter Sites accessible data (CVE-2020-2739).");
  script_set_attribute(attribute:"see_also", value:"https://www.oracle.com/security-alerts/cpuapr2020.html");
  script_set_attribute(attribute:"solution", value:
"Apply the appropriate patch according to the April 2020 Oracle Critical Patch Update advisory.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2019-16943");

  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");

  script_set_attribute(attribute:"vuln_publication_date", value:"2020/04/15");
  script_set_attribute(attribute:"patch_publication_date", value:"2020/04/15");
  script_set_attribute(attribute:"plugin_publication_date", value:"2020/04/16");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:oracle:fusion_middleware");
  script_set_attribute(attribute:"stig_severity", value:"I");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Windows");

  script_copyright(english:"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("oracle_webcenter_sites_installed.nbin", "oracle_enum_products_win.nbin");
  script_require_keys("SMB/WebCenter_Sites/Installed");

  exit(0);
}

include('oracle_rdbms_cpu_func.inc');

port = get_kb_item('SMB/transport');
if (isnull(port))
  port = 445;

get_kb_item_or_exit('SMB/WebCenter_Sites/Installed');

versions = get_kb_list('SMB/WebCenter_Sites/*/Version');
if (isnull(versions)) exit(1, 'Unable to obtain a version list for Oracle WebCenter Sites.');

report = '';

# vulnerable versions: 
# - 12.2.1.3.0 - Revision 185862, Patch 29957990
#     Note that the revision does not match up with the version suffix shown in the readme
#
# - 12.2.1.4.0 - Patch 31101341
#     This patch does not change revision. Need to find specific patch

foreach key (keys(versions))
{
  fix = '';

  version = versions[key];
  revision = get_kb_item(key - '/Version' + '/Revision');
  path = get_kb_item(key - '/Version' + '/Path');

  if (isnull(version) || isnull(revision)) continue;

  # Patch 29957990 - 12.2.1.3.0 < Revision 185862 
  if (version =~ "^12\.2\.1\.3\.0$" && revision < 185862)
  {
    fix = '\n  Fixed revision : 185862' +
          '\n  Required patch : 29957990';
  }
  # Patch 31101341 - 12.2.1.4.0
  else if (version =~ "^12\.2\.1\.4\.0$")
  {
    # Revision check does not work. Must find specific patch
    patch = '31101341';

    oracle_homes = query_scratchpad("SELECT path FROM oracle_homes");
    if (!max_index(oracle_homes)) exit(1, 'Failed to get any Oracle homes from the scratchpad.');

    ohome = NULL;

    # Find the correct ohome
    foreach res (oracle_homes)
    {
      testpath = res['path'];
      if (testpath >< tolower(path))
      {
        ohome = testpath;
        break;
      }
    }
    if (empty_or_null(ohome))
      exit(1, 'Failed to find the proper Oracle home in the scratchpad.');

    patchesinstalled = query_scratchpad("SELECT patchid FROM oracle_patches WHERE ohome=?;", ohome);

    patched = FALSE;

    # Check if patch is in ohome
    if (!isnull(patchesinstalled))
    {
      patched = FALSE;
      foreach item (patchesinstalled)
      {
        if (item['patchid'] == patch)
          patched = TRUE;
      }

    }

    if(!patched)
      fix = '\n  Required patch : 31101341';
  }

  if (fix != '')
  {
    if (!isnull(path)) report += '\n  Path           : ' + path;
    report += '\n  Version        : ' + version +
              '\n  Revision       : ' + revision +
              fix + '\n';
  }
}

if (report != '') security_report_v4(port:port, extra:report, severity:SECURITY_HOLE);
else audit(AUDIT_INST_VER_NOT_VULN, 'Oracle WebCenter Sites');