SB2021012034 - Multiple vulnerabilities in Oracle Enterprise Manager Ops Center
Published: January 20, 2021 Updated: July 3, 2025
Security Bulletin ID
SB2021012034
Severity
High
Patch available
YES
Number of vulnerabilities
2
Exploitation vector
Remote access
Highest impact
Code execution
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 2 secuirty vulnerabilities.
1) Man-in-the-middle attack (CVE-ID: CVE-2015-4000)
The vulnerability allows a remote attacker to decrypt TLS connections in certain situations.The vulnerability exists due to boundary error when parsing HTTP requests. A remote unauthenticated attacker can conduct a man-in-the-middle attack that can lead to the target system to downgrade the Diffie-Hellman algorithm to 512-bit export-grade cryptography.
Successful exploitation of this vulnerability may result in modification of authentication information
2) Buffer overflow (CVE-ID: CVE-2020-11984)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error in od_proxy_uwsgi module. A remote attacker can send a specially crafted request to the web server, trigger memory corruption and gain access to sensitive information or execute arbitrary code on the target system.
Remediation
Install update from vendor's website.