SB2020011464 - Multiple vulnerabilities in Oracle Enterprise Manager Base Platform
Published: January 14, 2020 Updated: January 26, 2020
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 33 secuirty vulnerabilities.
1) Improper input validation (CVE-ID: CVE-2020-2628)
The vulnerability allows a remote privileged user to read, manipulate or delete data.
The vulnerability exists due to improper input validation within the Host Management component in Enterprise Manager Base Platform. A remote privileged user can exploit this vulnerability to read, manipulate or delete data.
2) Improper input validation (CVE-ID: CVE-2020-2639)
The vulnerability allows a remote privileged user to read, manipulate or delete data.
The vulnerability exists due to improper input validation within the Host Management component in Enterprise Manager Base Platform. A remote privileged user can exploit this vulnerability to read, manipulate or delete data.
3) Improper input validation (CVE-ID: CVE-2020-2625)
The vulnerability allows a remote privileged user to read, manipulate or delete data.
The vulnerability exists due to improper input validation within the Job System component in Enterprise Manager Base Platform. A remote privileged user can exploit this vulnerability to read, manipulate or delete data.
4) Improper input validation (CVE-ID: CVE-2020-2613)
The vulnerability allows a remote privileged user to read, manipulate or delete data.
The vulnerability exists due to improper input validation within the Global EM Framework component in Enterprise Manager Base Platform. A remote privileged user can exploit this vulnerability to read, manipulate or delete data.
5) Improper input validation (CVE-ID: CVE-2020-2630)
The vulnerability allows a remote privileged user to read, manipulate or delete data.
The vulnerability exists due to improper input validation within the Extensibility Framework component in Enterprise Manager Base Platform. A remote privileged user can exploit this vulnerability to read, manipulate or delete data.
6) Improper input validation (CVE-ID: CVE-2020-2622)
The vulnerability allows a remote privileged user to read, manipulate or delete data.
The vulnerability exists due to improper input validation within the Event Management component in Enterprise Manager Base Platform. A remote privileged user can exploit this vulnerability to read, manipulate or delete data.
7) Improper input validation (CVE-ID: CVE-2020-2629)
The vulnerability allows a remote privileged user to read, manipulate or delete data.
The vulnerability exists due to improper input validation within the Extensibility Framework component in Enterprise Manager Base Platform. A remote privileged user can exploit this vulnerability to read, manipulate or delete data.
8) Improper input validation (CVE-ID: CVE-2020-2643)
The vulnerability allows a remote privileged user to read, manipulate or delete data.
The vulnerability exists due to improper input validation within the Job System component in Enterprise Manager Base Platform. A remote privileged user can exploit this vulnerability to read, manipulate or delete data.
9) Improper input validation (CVE-ID: CVE-2020-2623)
The vulnerability allows a remote privileged user to read, manipulate or delete data.
The vulnerability exists due to improper input validation within the Metrics Framework component in Enterprise Manager Base Platform. A remote privileged user can exploit this vulnerability to read, manipulate or delete data.
10) Improper input validation (CVE-ID: CVE-2020-2635)
The vulnerability allows a remote privileged user to read, manipulate or delete data.
The vulnerability exists due to improper input validation within the System Monitoring component in Enterprise Manager Base Platform. A remote privileged user can exploit this vulnerability to read, manipulate or delete data.
11) Improper input validation (CVE-ID: CVE-2020-2646)
The vulnerability allows a remote authenticated user to read and manipulate data.
The vulnerability exists due to improper input validation within the Command Line Interface component in Enterprise Manager Base Platform. A remote authenticated user can exploit this vulnerability to read and manipulate data.
12) Improper input validation (CVE-ID: CVE-2020-2632)
The vulnerability allows a remote privileged user to read, manipulate or delete data.
The vulnerability exists due to improper input validation within the System Monitoring component in Enterprise Manager Base Platform. A remote privileged user can exploit this vulnerability to read, manipulate or delete data.
13) Improper input validation (CVE-ID: CVE-2020-2608)
The vulnerability allows a remote privileged user to read, manipulate or delete data.
The vulnerability exists due to improper input validation within the Repository component in Enterprise Manager Base Platform. A remote privileged user can exploit this vulnerability to read, manipulate or delete data.
14) Improper input validation (CVE-ID: CVE-2020-2615)
The vulnerability allows a remote privileged user to read, manipulate or delete data.
The vulnerability exists due to improper input validation within the Oracle Management Service component in Enterprise Manager Base Platform. A remote privileged user can exploit this vulnerability to read, manipulate or delete data.
15) Improper input validation (CVE-ID: CVE-2020-2644)
The vulnerability allows a remote privileged user to read, manipulate or delete data.
The vulnerability exists due to improper input validation within the Oracle Management Service component in Enterprise Manager Base Platform. A remote privileged user can exploit this vulnerability to read, manipulate or delete data.
16) Improper input validation (CVE-ID: CVE-2020-2616)
The vulnerability allows a remote privileged user to read, manipulate or delete data.
The vulnerability exists due to improper input validation within the Enterprise Manager Repository component in Enterprise Manager Base Platform. A remote privileged user can exploit this vulnerability to read, manipulate or delete data.
17) Improper input validation (CVE-ID: CVE-2020-2621)
The vulnerability allows a remote privileged user to read, manipulate or delete data.
The vulnerability exists due to improper input validation within the Enterprise Config Management component in Enterprise Manager Base Platform. A remote privileged user can exploit this vulnerability to read, manipulate or delete data.
18) Improper input validation (CVE-ID: CVE-2020-2624)
The vulnerability allows a remote privileged user to read, manipulate or delete data.
The vulnerability exists due to improper input validation within the Connector Framework component in Enterprise Manager Base Platform. A remote privileged user can exploit this vulnerability to read, manipulate or delete data.
19) Improper input validation (CVE-ID: CVE-2020-2633)
The vulnerability allows a remote privileged user to read, manipulate or delete data.
The vulnerability exists due to improper input validation within the Connector Framework component in Enterprise Manager Base Platform. A remote privileged user can exploit this vulnerability to read, manipulate or delete data.
20) Improper input validation (CVE-ID: CVE-2020-2642)
The vulnerability allows a remote privileged user to read, manipulate or delete data.
The vulnerability exists due to improper input validation within the Connector Framework component in Enterprise Manager Base Platform. A remote privileged user can exploit this vulnerability to read, manipulate or delete data.
21) Improper input validation (CVE-ID: CVE-2020-2634)
The vulnerability allows a remote privileged user to read, manipulate or delete data.
The vulnerability exists due to improper input validation within the Configuration Standard Framewk component in Enterprise Manager Base Platform. A remote privileged user can exploit this vulnerability to read, manipulate or delete data.
22) Improper input validation (CVE-ID: CVE-2020-2626)
The vulnerability allows a remote privileged user to read, manipulate or delete data.
The vulnerability exists due to improper input validation within the Cloud Control Manager - OMS component in Enterprise Manager Base Platform. A remote privileged user can exploit this vulnerability to read, manipulate or delete data.
23) Improper input validation (CVE-ID: CVE-2020-2631)
The vulnerability allows a remote privileged user to read, manipulate or delete data.
The vulnerability exists due to improper input validation within the Application Service Level Mgmt component in Enterprise Manager Base Platform. A remote privileged user can exploit this vulnerability to read, manipulate or delete data.
24) Improper input validation (CVE-ID: CVE-2020-2636)
The vulnerability allows a remote privileged user to read, manipulate or delete data.
The vulnerability exists due to improper input validation within the Application Service Level Mgmt component in Enterprise Manager Base Platform. A remote privileged user can exploit this vulnerability to read, manipulate or delete data.
25) Improper input validation (CVE-ID: CVE-2020-2645)
The vulnerability allows a remote privileged user to read, manipulate or delete data.
The vulnerability exists due to improper input validation within the Connector Framework component in Enterprise Manager Base Platform. A remote privileged user can exploit this vulnerability to read, manipulate or delete data.
26) Improper input validation (CVE-ID: CVE-2020-2617)
The vulnerability allows a remote privileged user to read, manipulate or delete data.
The vulnerability exists due to improper input validation within the Discovery Framework component in Enterprise Manager Base Platform. A remote privileged user can exploit this vulnerability to read, manipulate or delete data.
27) Improper input validation (CVE-ID: CVE-2020-2619)
The vulnerability allows a remote privileged user to read, manipulate or delete data.
The vulnerability exists due to improper input validation within the Enterprise Config Management component in Enterprise Manager Base Platform. A remote privileged user can exploit this vulnerability to read, manipulate or delete data.
28) Improper input validation (CVE-ID: CVE-2020-2620)
The vulnerability allows a remote privileged user to read, manipulate or delete data.
The vulnerability exists due to improper input validation within the Enterprise Config Management component in Enterprise Manager Base Platform. A remote privileged user can exploit this vulnerability to read, manipulate or delete data.
29) Improper input validation (CVE-ID: CVE-2020-2618)
The vulnerability allows a remote privileged user to read, manipulate or delete data.
The vulnerability exists due to improper input validation within the Enterprise Config Management component in Enterprise Manager Base Platform. A remote privileged user can exploit this vulnerability to read, manipulate or delete data.
30) Improper input validation (CVE-ID: CVE-2020-2612)
The vulnerability allows a remote privileged user to read, manipulate or delete data.
The vulnerability exists due to improper input validation within the Enterprise Config Management component in Enterprise Manager Base Platform. A remote privileged user can exploit this vulnerability to read, manipulate or delete data.
31) Improper input validation (CVE-ID: CVE-2020-2610)
The vulnerability allows a remote privileged user to read, manipulate or delete data.
The vulnerability exists due to improper input validation within the Enterprise Config Management component in Enterprise Manager Base Platform. A remote privileged user can exploit this vulnerability to read, manipulate or delete data.
32) Improper input validation (CVE-ID: CVE-2020-2611)
The vulnerability allows a remote privileged user to read, manipulate or delete data.
The vulnerability exists due to improper input validation within the Enterprise Config Management component in Enterprise Manager Base Platform. A remote privileged user can exploit this vulnerability to read, manipulate or delete data.
33) Improper input validation (CVE-ID: CVE-2020-2609)
The vulnerability allows a remote authenticated user to read and manipulate data.
The vulnerability exists due to improper input validation within the Enterprise Config Management component in Enterprise Manager Base Platform. A remote authenticated user can exploit this vulnerability to read and manipulate data.
Remediation
Install update from vendor's website.