Multiple vulnerabilities in Primavera Unifier



Published: 2020-10-28
Risk High
Patch available YES
Number of vulnerabilities 6
CVE-ID CVE-2020-9488
CVE-2020-9489
CVE-2018-17196
CVE-2019-17558
CVE-2017-9096
CVE-2015-1832
CWE-ID CWE-295
CWE-401
CWE-284
CWE-94
CWE-611
Exploitation vector Network
Public exploit Vulnerability #4 is being exploited in the wild.
Vulnerable software
Subscribe
Primavera Unifier
Client/Desktop applications / Software for system administration

Vendor Oracle

Security Bulletin

This security bulletin contains information about 6 vulnerabilities.

1) Improper Certificate Validation

EUVDB-ID: #VU27487

Risk: Low

CVSSv3.1: 3.7 [CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2020-9488

CWE-ID: CWE-295 - Improper Certificate Validation

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform man-in-the-middle attack.

The vulnerability exists due to the Apache Log4j SMTP appender does not validate SSL certificates. A remote attacker can perform a MitM attack, intercept and decrypt network traffic.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Primavera Unifier: 18.8 - 19.12

External links

http://www.oracle.com/security-alerts/cpuoct2020.html?61749


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

2) Memory leak

EUVDB-ID: #VU34420

Risk: Medium

CVSSv3.1: 5.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2020-9489

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

Description

The vulnerability allows a remote non-authenticated attacker to perform a denial of service (DoS) attack.

A carefully crafted or corrupt file may trigger a System.exit in Tika's OneNote Parser. Crafted or corrupted files can also cause out of memory errors and/or infinite loops in Tika's ICNSParser, MP3Parser, MP4Parser, SAS7BDATParser, OneNoteParser and ImageParser. Apache Tika users should upgrade to 1.24.1 or later. The vulnerabilities in the MP4Parser were partially fixed by upgrading the com.googlecode:isoparser:1.1.22 dependency to org.tallison:isoparser:1.9.41.2. For unrelated security reasons, we upgraded org.apache.cxf to 3.3.6 as part of the 1.24.1 release.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Primavera Unifier: 16.1 - 20.6

External links

http://www.oracle.com/security-alerts/cpuoct2020.html?61749


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

3) Improper access control

EUVDB-ID: #VU19218

Risk: Medium

CVSSv3.1: 4.7 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2018-17196

CWE-ID: CWE-284 - Improper Access Control

Exploit availability: No

Description

The vulnerability allows a remote attacker to gain unauthorized access to sensitive information.

The vulnerability exists due to improper security restrictions imposed by the affected software. A remote authenticated attacker with write permission on respective topics can send a crafted Produce request that is designed to bypass transaction/idempotent access control list (ACL) validation.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Primavera Unifier: 18.8 - 19.12

External links

http://www.oracle.com/security-alerts/cpuoct2020.html?61749


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

4) Code Injection

EUVDB-ID: #VU23850

Risk: Medium

CVSSv3.1: 6.7 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C]

CVE-ID: CVE-2019-17558

CWE-ID: CWE-94 - Improper Control of Generation of Code ('Code Injection')

Exploit availability: Yes

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to improper input validation in VelocityResponseWriter, when "params.resource.loader.enabled" is set to true in Apache Solr configuration. A remote authenticated user with ability to load templates or change software configuration can inject a malicious template and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Primavera Unifier: 16.1 - 20.6

External links

http://www.oracle.com/security-alerts/cpuoct2020.html?61749


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, a fully functional exploit for this vulnerability is available.

5) XML External Entity injection

EUVDB-ID: #VU31399

Risk: High

CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2017-9096

CWE-ID: CWE-611 - Improper Restriction of XML External Entity Reference ('XXE')

Exploit availability: No

Description

The vulnerability allows a remote non-authenticated attacker to execute arbitrary code.

The XML parsers in iText before 5.5.12 and 7.x before 7.0.3 do not disable external entities, which might allow remote attackers to conduct XML external entity (XXE) attacks via a crafted PDF.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Primavera Unifier: 16.1 - 20.6

External links

http://www.oracle.com/security-alerts/cpuoct2020.html?61749


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

6) XXE attack

EUVDB-ID: #VU735

Risk: Low

CVSSv3.1: 5.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L/E:U/RL:O/RC:C]

CVE-ID: CVE-2015-1832

CWE-ID: CWE-611 - Improper Restriction of XML External Entity Reference ('XXE')

Exploit availability: No

Description

The vulnerability allows a remote user to conduct XXE attack.
The weakness exists due to XML external entity error. Via vectors involving XmlVTI and the XML datatype context-dependent attackers can view arbitrary files that may lead to denial of service.
Successful exploitation of the vulnerability can result in potentially sensitive information disclosure and denial of service on the vulnerable system.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Primavera Unifier: 16.1 - 20.6

External links

http://www.oracle.com/security-alerts/cpuoct2020.html?61749


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.



###SIDEBAR###