SB2019011703 - Multiple vulnerabilities in Oracle Primavera
Published: January 17, 2019
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 4 secuirty vulnerabilities.
1) Remote code execution (CVE-ID: CVE-2018-14718)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.The weakness exists due to the failure to block the slf4j-ext class from polymorphic deserialization. A remote attacker can execute arbitrary code with elevated privileges.
2) Security restrictions bypass (CVE-ID: CVE-2019-2512)
The vulnerability allows a remote attacker to bypass security restrictions on the target system.The weakness exists due to insufficient input validation. A remote attacker can trick the victim into processing specially crafted input and bypass security restrictions to read and modify arbitrary system files.
3) Arbitrary file upload (CVE-ID: CVE-2018-9206)
The vulnerability allows a remote attacker to compromise vulnerable system.The vulnerability exists in the plugin's source code that handles file uploads to PHP servers due to software allows upload of arbitrary files to the system. A remote unauthenticated attacker can upload arbitrary .htaccess file to impose security restrictions to its upload folder and upload backdoors and web shells.
Note: The vulnerability has been actively exploited for at least 3 years.
4) Improper input validation (CVE-ID: CVE-2018-0732)
The vulnerability allows a remote attacker to cause DoS condition on the target system.
The vulnerability exists due to improper handling of large prime values by the affected software during key agreement operations in a Transport Layer Security (TLS) handshake using an Ephemeral Diffie-Hellman (DHE) based cipher suite. A remote attacker can send a large prime value from a malicious OpenSSL server to a targeted OpenSSL client and cause the client to stop responding while generating a key for the prime value.
Remediation
Install update from vendor's website.