SB2020011464 - Multiple vulnerabilities in Oracle Enterprise Manager Base Platform
Published: January 14, 2020 Updated: January 26, 2020
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 33 vulnerabilities.
1) Improper input validation (CVE-ID: CVE-2020-2628)
CWE-ID: CWE-20 - Improper input validation
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Green
The vulnerability allows a remote privileged user to read, manipulate or delete data.
The vulnerability exists due to improper input validation within the Host Management component in Enterprise Manager Base Platform. A remote privileged user can exploit this vulnerability to read, manipulate or delete data.
2) Improper input validation (CVE-ID: CVE-2020-2639)
CWE-ID: CWE-20 - Improper input validation
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Green
The vulnerability allows a remote privileged user to read, manipulate or delete data.
The vulnerability exists due to improper input validation within the Host Management component in Enterprise Manager Base Platform. A remote privileged user can exploit this vulnerability to read, manipulate or delete data.
3) Improper input validation (CVE-ID: CVE-2020-2625)
CWE-ID: CWE-20 - Improper input validation
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Green
The vulnerability allows a remote privileged user to read, manipulate or delete data.
The vulnerability exists due to improper input validation within the Job System component in Enterprise Manager Base Platform. A remote privileged user can exploit this vulnerability to read, manipulate or delete data.
4) Improper input validation (CVE-ID: CVE-2020-2613)
CWE-ID: CWE-20 - Improper input validation
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Green
The vulnerability allows a remote privileged user to read, manipulate or delete data.
The vulnerability exists due to improper input validation within the Global EM Framework component in Enterprise Manager Base Platform. A remote privileged user can exploit this vulnerability to read, manipulate or delete data.
5) Improper input validation (CVE-ID: CVE-2020-2630)
CWE-ID: CWE-20 - Improper input validation
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Green
The vulnerability allows a remote privileged user to read, manipulate or delete data.
The vulnerability exists due to improper input validation within the Extensibility Framework component in Enterprise Manager Base Platform. A remote privileged user can exploit this vulnerability to read, manipulate or delete data.
6) Improper input validation (CVE-ID: CVE-2020-2622)
CWE-ID: CWE-20 - Improper input validation
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Green
The vulnerability allows a remote privileged user to read, manipulate or delete data.
The vulnerability exists due to improper input validation within the Event Management component in Enterprise Manager Base Platform. A remote privileged user can exploit this vulnerability to read, manipulate or delete data.
7) Improper input validation (CVE-ID: CVE-2020-2629)
CWE-ID: CWE-20 - Improper input validation
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Green
The vulnerability allows a remote privileged user to read, manipulate or delete data.
The vulnerability exists due to improper input validation within the Extensibility Framework component in Enterprise Manager Base Platform. A remote privileged user can exploit this vulnerability to read, manipulate or delete data.
8) Improper input validation (CVE-ID: CVE-2020-2643)
CWE-ID: CWE-20 - Improper input validation
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Green
The vulnerability allows a remote privileged user to read, manipulate or delete data.
The vulnerability exists due to improper input validation within the Job System component in Enterprise Manager Base Platform. A remote privileged user can exploit this vulnerability to read, manipulate or delete data.
9) Improper input validation (CVE-ID: CVE-2020-2623)
CWE-ID: CWE-20 - Improper input validation
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Green
The vulnerability allows a remote privileged user to read, manipulate or delete data.
The vulnerability exists due to improper input validation within the Metrics Framework component in Enterprise Manager Base Platform. A remote privileged user can exploit this vulnerability to read, manipulate or delete data.
10) Improper input validation (CVE-ID: CVE-2020-2635)
CWE-ID: CWE-20 - Improper input validation
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Green
The vulnerability allows a remote privileged user to read, manipulate or delete data.
The vulnerability exists due to improper input validation within the System Monitoring component in Enterprise Manager Base Platform. A remote privileged user can exploit this vulnerability to read, manipulate or delete data.
11) Improper input validation (CVE-ID: CVE-2020-2646)
CWE-ID: CWE-20 - Improper input validation
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:A/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N/E:U/U:Green
The vulnerability allows a remote authenticated user to read and manipulate data.
The vulnerability exists due to improper input validation within the Command Line Interface component in Enterprise Manager Base Platform. A remote authenticated user can exploit this vulnerability to read and manipulate data.
12) Improper input validation (CVE-ID: CVE-2020-2632)
CWE-ID: CWE-20 - Improper input validation
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Green
The vulnerability allows a remote privileged user to read, manipulate or delete data.
The vulnerability exists due to improper input validation within the System Monitoring component in Enterprise Manager Base Platform. A remote privileged user can exploit this vulnerability to read, manipulate or delete data.
13) Improper input validation (CVE-ID: CVE-2020-2608)
CWE-ID: CWE-20 - Improper input validation
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Green
The vulnerability allows a remote privileged user to read, manipulate or delete data.
The vulnerability exists due to improper input validation within the Repository component in Enterprise Manager Base Platform. A remote privileged user can exploit this vulnerability to read, manipulate or delete data.
14) Improper input validation (CVE-ID: CVE-2020-2615)
CWE-ID: CWE-20 - Improper input validation
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Green
The vulnerability allows a remote privileged user to read, manipulate or delete data.
The vulnerability exists due to improper input validation within the Oracle Management Service component in Enterprise Manager Base Platform. A remote privileged user can exploit this vulnerability to read, manipulate or delete data.
15) Improper input validation (CVE-ID: CVE-2020-2644)
CWE-ID: CWE-20 - Improper input validation
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Green
The vulnerability allows a remote privileged user to read, manipulate or delete data.
The vulnerability exists due to improper input validation within the Oracle Management Service component in Enterprise Manager Base Platform. A remote privileged user can exploit this vulnerability to read, manipulate or delete data.
16) Improper input validation (CVE-ID: CVE-2020-2616)
CWE-ID: CWE-20 - Improper input validation
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Green
The vulnerability allows a remote privileged user to read, manipulate or delete data.
The vulnerability exists due to improper input validation within the Enterprise Manager Repository component in Enterprise Manager Base Platform. A remote privileged user can exploit this vulnerability to read, manipulate or delete data.
17) Improper input validation (CVE-ID: CVE-2020-2621)
CWE-ID: CWE-20 - Improper input validation
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Green
The vulnerability allows a remote privileged user to read, manipulate or delete data.
The vulnerability exists due to improper input validation within the Enterprise Config Management component in Enterprise Manager Base Platform. A remote privileged user can exploit this vulnerability to read, manipulate or delete data.
18) Improper input validation (CVE-ID: CVE-2020-2624)
CWE-ID: CWE-20 - Improper input validation
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Green
The vulnerability allows a remote privileged user to read, manipulate or delete data.
The vulnerability exists due to improper input validation within the Connector Framework component in Enterprise Manager Base Platform. A remote privileged user can exploit this vulnerability to read, manipulate or delete data.
19) Improper input validation (CVE-ID: CVE-2020-2633)
CWE-ID: CWE-20 - Improper input validation
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Green
The vulnerability allows a remote privileged user to read, manipulate or delete data.
The vulnerability exists due to improper input validation within the Connector Framework component in Enterprise Manager Base Platform. A remote privileged user can exploit this vulnerability to read, manipulate or delete data.
20) Improper input validation (CVE-ID: CVE-2020-2642)
CWE-ID: CWE-20 - Improper input validation
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Green
The vulnerability allows a remote privileged user to read, manipulate or delete data.
The vulnerability exists due to improper input validation within the Connector Framework component in Enterprise Manager Base Platform. A remote privileged user can exploit this vulnerability to read, manipulate or delete data.
21) Improper input validation (CVE-ID: CVE-2020-2634)
CWE-ID: CWE-20 - Improper input validation
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Green
The vulnerability allows a remote privileged user to read, manipulate or delete data.
The vulnerability exists due to improper input validation within the Configuration Standard Framewk component in Enterprise Manager Base Platform. A remote privileged user can exploit this vulnerability to read, manipulate or delete data.
22) Improper input validation (CVE-ID: CVE-2020-2626)
CWE-ID: CWE-20 - Improper input validation
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Green
The vulnerability allows a remote privileged user to read, manipulate or delete data.
The vulnerability exists due to improper input validation within the Cloud Control Manager - OMS component in Enterprise Manager Base Platform. A remote privileged user can exploit this vulnerability to read, manipulate or delete data.
23) Improper input validation (CVE-ID: CVE-2020-2631)
CWE-ID: CWE-20 - Improper input validation
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Green
The vulnerability allows a remote privileged user to read, manipulate or delete data.
The vulnerability exists due to improper input validation within the Application Service Level Mgmt component in Enterprise Manager Base Platform. A remote privileged user can exploit this vulnerability to read, manipulate or delete data.
24) Improper input validation (CVE-ID: CVE-2020-2636)
CWE-ID: CWE-20 - Improper input validation
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Green
The vulnerability allows a remote privileged user to read, manipulate or delete data.
The vulnerability exists due to improper input validation within the Application Service Level Mgmt component in Enterprise Manager Base Platform. A remote privileged user can exploit this vulnerability to read, manipulate or delete data.
25) Improper input validation (CVE-ID: CVE-2020-2645)
CWE-ID: CWE-20 - Improper input validation
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Green
The vulnerability allows a remote privileged user to read, manipulate or delete data.
The vulnerability exists due to improper input validation within the Connector Framework component in Enterprise Manager Base Platform. A remote privileged user can exploit this vulnerability to read, manipulate or delete data.
26) Improper input validation (CVE-ID: CVE-2020-2617)
CWE-ID: CWE-20 - Improper input validation
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Green
The vulnerability allows a remote privileged user to read, manipulate or delete data.
The vulnerability exists due to improper input validation within the Discovery Framework component in Enterprise Manager Base Platform. A remote privileged user can exploit this vulnerability to read, manipulate or delete data.
27) Improper input validation (CVE-ID: CVE-2020-2619)
CWE-ID: CWE-20 - Improper input validation
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Green
The vulnerability allows a remote privileged user to read, manipulate or delete data.
The vulnerability exists due to improper input validation within the Enterprise Config Management component in Enterprise Manager Base Platform. A remote privileged user can exploit this vulnerability to read, manipulate or delete data.
28) Improper input validation (CVE-ID: CVE-2020-2620)
CWE-ID: CWE-20 - Improper input validation
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Green
The vulnerability allows a remote privileged user to read, manipulate or delete data.
The vulnerability exists due to improper input validation within the Enterprise Config Management component in Enterprise Manager Base Platform. A remote privileged user can exploit this vulnerability to read, manipulate or delete data.
29) Improper input validation (CVE-ID: CVE-2020-2618)
CWE-ID: CWE-20 - Improper input validation
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Green
The vulnerability allows a remote privileged user to read, manipulate or delete data.
The vulnerability exists due to improper input validation within the Enterprise Config Management component in Enterprise Manager Base Platform. A remote privileged user can exploit this vulnerability to read, manipulate or delete data.
30) Improper input validation (CVE-ID: CVE-2020-2612)
CWE-ID: CWE-20 - Improper input validation
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Green
The vulnerability allows a remote privileged user to read, manipulate or delete data.
The vulnerability exists due to improper input validation within the Enterprise Config Management component in Enterprise Manager Base Platform. A remote privileged user can exploit this vulnerability to read, manipulate or delete data.
31) Improper input validation (CVE-ID: CVE-2020-2610)
CWE-ID: CWE-20 - Improper input validation
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Green
The vulnerability allows a remote privileged user to read, manipulate or delete data.
The vulnerability exists due to improper input validation within the Enterprise Config Management component in Enterprise Manager Base Platform. A remote privileged user can exploit this vulnerability to read, manipulate or delete data.
32) Improper input validation (CVE-ID: CVE-2020-2611)
CWE-ID: CWE-20 - Improper input validation
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Green
The vulnerability allows a remote privileged user to read, manipulate or delete data.
The vulnerability exists due to improper input validation within the Enterprise Config Management component in Enterprise Manager Base Platform. A remote privileged user can exploit this vulnerability to read, manipulate or delete data.
33) Improper input validation (CVE-ID: CVE-2020-2609)
CWE-ID: CWE-20 - Improper input validation
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Green
The vulnerability allows a remote authenticated user to read and manipulate data.
The vulnerability exists due to improper input validation within the Enterprise Config Management component in Enterprise Manager Base Platform. A remote authenticated user can exploit this vulnerability to read and manipulate data.
Remediation
Install update from vendor's website.