Multiple vulnerabilities in Oracle Enterprise Repository
| Risk | High |
| Patch available | YES |
| Number of vulnerabilities | 4 |
| CVE-ID | CVE-2020-11994 CVE-2019-17566 CVE-2020-11979 CVE-2020-11998 |
| CWE-ID | CWE-20 CWE-918 CWE-264 CWE-287 |
| Exploitation vector | Network |
| Public exploit | N/A |
| Vulnerable software |
Oracle Enterprise Repository Web applications / Other software |
| Vendor | Oracle |
Security Bulletin
This security bulletin contains information about 4 vulnerabilities.
1) Improper input validation
EUVDB-ID: #VU49792
Risk: Medium
CVSSv4.0: 6.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2020-11994
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote non-authenticated attacker to gain access to sensitive information.
The vulnerability exists due to improper input validation within the Security Subsystem (Apache Camel) component in Oracle Enterprise Repository. A remote non-authenticated attacker can exploit this vulnerability to gain access to sensitive information.
MitigationInstall update from vendor's website.
Vulnerable software versionsOracle Enterprise Repository: 11.1.1.7.0
CPE2.3 External linkshttps://www.oracle.com/security-alerts/cpujan2021.html?505599
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
2) Server-Side Request Forgery (SSRF)
EUVDB-ID: #VU29068
Risk: Medium
CVSSv4.0: 2.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:L/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2019-17566
CWE-ID:
CWE-918 - Server-Side Request Forgery (SSRF)
Exploit availability: No
DescriptionThe disclosed vulnerability allows a remote attacker to perform SSRF attacks.
The vulnerability exists due to insufficient validation of "xlink:href" attributes. A remote attacker can send a specially crafted HTTP request and trick the application to initiate requests to arbitrary systems.
Successful exploitation of this vulnerability may allow a remote attacker gain access to sensitive data, located in the local network or send malicious requests to other servers from the vulnerable system.
MitigationInstall update from vendor's website.
Vulnerable software versionsOracle Enterprise Repository: 11.1.1.7.0
CPE2.3 External linkshttps://www.oracle.com/security-alerts/cpujan2021.html?505599
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
3) Permissions, Privileges, and Access Controls
EUVDB-ID: #VU47428
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2020-11979
CWE-ID:
CWE-264 - Permissions, Privileges, and Access Controls
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to incorrect patch for vulnerability #VU27924 (CVE-2020-1945). Apache Ant 1.10.8 changed the permissions of temporary files it created so that only the current user was allowed to access them. Unfortunately the fixcrlf task deleted the temporary file and created a new one without said protection, effectively nullifying the effort. This would still allow an attacker to inject modified source files into the build process.
MitigationInstall update from vendor's website.
Vulnerable software versionsOracle Enterprise Repository: 11.1.1.7.0
CPE2.3 External linkshttps://www.oracle.com/security-alerts/cpujan2021.html?505599
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
4) Improper Authentication
EUVDB-ID: #VU46680
Risk: High
CVSSv4.0: 8.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2020-11998
CWE-ID:
CWE-287 - Improper Authentication
Exploit availability: No
DescriptionThe vulnerability allows a remote client to bypass authentication process.
The vulnerability exists due to an error in authentication process, caused by incorrect implementation of protection measures against JMX re-bind attack. A remote attacker can bypass authentication process by passing an empty environment map to RMIConnectorServer, instead of the map that contains the authentication credentials.As a result, a remote client can create javax.management.loading.MLet MBean and use it to create new MBeans from arbitrary URLs.
Successful exploitation of the vulnerability may allow an attacker to execute arbitrary code on the target system.
Install update from vendor's website.
Vulnerable software versionsOracle Enterprise Repository: 11.1.1.7.0
CPE2.3 External linkshttps://www.oracle.com/security-alerts/cpujan2021.html?505599
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
