Multiple vulnerabilities in Oracle TimesTen In-Memory Database



Published: 2020-10-27
Risk High
Patch available YES
Number of vulnerabilities 4
CVE ID CVE-2019-0201
CVE-2019-1010239
CVE-2017-5645
CVE-2018-11058
CWE ID CWE-284
CWE-754
CWE-502
CWE-125
Exploitation vector Network
Public exploit N/A
Vulnerable software
Subscribe
Oracle TimesTen In-Memory Database
Server applications / Database software

Vendor Oracle

Security Advisory

1) Improper access control

Risk: Low

CVSSv3: 3.8 [CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2019-0201

CWE-ID: CWE-284 - Improper Access Control

Exploit availability: No

Description

The vulnerability allows a remote attacker to gain unauthorized access to sensitive information.

The vulnerability exists due to improper access restrictions when "getACL()" command doesn’t check any permission when retrieves the ACLs of the requested node and returns all information contained in the ACL Id field as plaintext string. A remote attacker can gain READ permissions to list ACL.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Oracle TimesTen In-Memory Database: 18.1.1.1.0, 18.1.1.2.0, 18.1.1.2.1, 18.1.1.3.0, 18.1.2.1.0, 18.1.2.2.0

CPE External links

https://www.oracle.com/security-alerts/cpuoct2020.html?904623

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

2) Improper Check for Unusual or Exceptional Conditions

Risk: Medium

CVSSv3: 6.5 [CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C] [PCI]

CVE-ID: CVE-2019-1010239

CWE-ID: CWE-754 - Improper Check for Unusual or Exceptional Conditions

Exploit availability: No

Description

The vulnerability allows a remote non-authenticated attacker to perform a denial of service (DoS) attack.

DaveGamble/cJSON cJSON 1.7.8 is affected by: Improper Check for Unusual or Exceptional Conditions. The impact is: Null dereference, so attack can cause denial of service. The component is: cJSON_GetObjectItemCaseSensitive() function. The attack vector is: crafted json file. The fixed version is: 1.7.9 and later.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Oracle TimesTen In-Memory Database: 18.1.1.1.0, 18.1.1.2.0, 18.1.1.2.1, 18.1.1.3.0, 18.1.2.1.0, 18.1.2.2.0

CPE External links

https://www.oracle.com/security-alerts/cpuoct2020.html?904623

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

3) Deserialization of untrusted data

Risk: High

CVSSv3: 3.4 [CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2017-5645

CWE-ID: CWE-502 - Deserialization of Untrusted Data

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The weakness exists receiving serialized log events from another application when using the TCP socket server or UDP socket server. A remote attacker can submit a specially crafted binary payload, when deserialized, and execute arbitrary code.

Successful exploitation of the vulnerability may result in system compromise.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Oracle TimesTen In-Memory Database:

CPE External links

https://www.oracle.com/security-alerts/cpuoct2020.html?904623

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

4) Out-of-bounds read

Risk: Medium

CVSSv3: 6.5 [CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C] [PCI]

CVE-ID: CVE-2018-11058

CWE-ID: CWE-125 - Out-of-bounds Read

Exploit availability: No

Description

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists due to a boundary condition when parsing ASN.1 data. A remote attacker can use a specially constructed ASN.1 data, trigger out-of-bounds read error and read contents of memory on the system.

This vulnerability affects the following versions of RSA BSAFE Crypto-C Micro Edition:

  • version prior to 4.0.5.3 (in 4.0.x)

Mitigation

Install update from vendor's website.

Vulnerable software versions

Oracle TimesTen In-Memory Database: 18.1.2.1.0, 18.1.2.2.0, 18.1.3.1.0, 18.1.3.2.0, 18.1.3.3.0, 18.1.3.4.0, 18.1.3.5.0

CPE External links

https://www.oracle.com/security-alerts/cpuoct2020.html?904623

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.