Multiple vulnerabilities in Oracle Blockchain Platform



Published: 2022-04-19 | Updated: 2022-07-31
Risk High
Patch available YES
Number of vulnerabilities 15
CVE-ID CVE-2020-27218
CVE-2021-29425
CVE-2020-11022
CVE-2019-10086
CVE-2020-8203
CVE-2019-13565
CVE-2020-11612
CVE-2020-17527
CVE-2019-12399
CVE-2020-28052
CVE-2020-24750
CVE-2020-8174
CVE-2021-2351
CVE-2020-5245
CVE-2021-23017
CWE-ID CWE-20
CWE-22
CWE-79
CWE-693
CWE-94
CWE-285
CWE-400
CWE-399
CWE-200
CWE-1025
CWE-502
CWE-119
CWE-193
Exploitation vector Network
Public exploit Public exploit code for vulnerability #3 is available.
Public exploit code for vulnerability #10 is available.
Public exploit code for vulnerability #11 is available.
Public exploit code for vulnerability #15 is available.
Vulnerable software
Subscribe
Oracle Blockchain Platform
Server applications / Other server solutions

Vendor Oracle

Security Bulletin

This security bulletin contains information about 15 vulnerabilities.

1) Improper input validation

EUVDB-ID: #VU52502

Risk: Medium

CVSSv3.1:

CVE-ID: CVE-2020-27218

CWE-ID: CWE-20 - Improper Input Validation

Exploit availability: No

Description

The vulnerability allows a remote non-authenticated attacker to manipulate or delete data.

The vulnerability exists due to improper input validation within the SC Admin server (Eclipse Jetty) component in Oracle Communications Converged Application Server - Service Controller. A remote non-authenticated attacker can exploit this vulnerability to manipulate or delete data.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Oracle Blockchain Platform: before 21.1.2


CPE2.3
External links

http://www.oracle.com/security-alerts/cpuapr2022.html?952583

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

2) Path traversal

EUVDB-ID: #VU52252

Risk: Low

CVSSv3.1:

CVE-ID: CVE-2021-29425

CWE-ID: CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform directory traversal attacks.

The vulnerability exists due to input validation error within the FileNameUtils.normalize method when processing directory traversal sequences, such as "//../foo", or "\..foo". A remote attacker can send a specially crafted request and verify files availability in the parent folder.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Oracle Blockchain Platform: before 21.1.2


CPE2.3
External links

http://www.oracle.com/security-alerts/cpuapr2022.html?952583

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

3) Cross-site scripting

EUVDB-ID: #VU27052

Risk: Low

CVSSv3.1:

CVE-ID: CVE-2020-11022

CWE-ID: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Exploit availability: Yes

Description

The disclosed vulnerability allows a remote attacker to perform cross-site scripting (XSS) attacks.

The vulnerability exists due to insufficient sanitization of user-supplied data in the regex operation in "jQuery.htmlPrefilter". A remote attacker can pass specially crafted data to the application that uses .html()</code>, <code>.append() or similar methods for it and execute arbitrary JavaScript code in user's browser in context of vulnerable website.

Successful exploitation of this vulnerability may allow a remote attacker to steal potentially sensitive information, change appearance of the web page, perform phishing and drive-by-download attacks.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Oracle Blockchain Platform: before 21.1.2


CPE2.3
External links

http://www.oracle.com/security-alerts/cpuapr2022.html?952583

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

4) Protection mechanism failure

EUVDB-ID: #VU20844

Risk: Low

CVSSv3.1:

CVE-ID: CVE-2019-10086

CWE-ID: CWE-693 - Protection Mechanism Failure

Exploit availability: No

Description

The vulnerability allows a remote attacker to bypass certain security restrictions.

The vulnerability exist due to Beanutils is not using by default the a special BeanIntrospector class in PropertyUtilsBean that was supposed to suppress the ability for an attacker to access the classloader via the class property available on all Java objects. A remote attacker can abuse such application behavior against applications that were developed to rely on this security feature.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Oracle Blockchain Platform: before 21.1.2


CPE2.3
External links

http://www.oracle.com/security-alerts/cpuapr2022.html?952583

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

5) Prototype polution

EUVDB-ID: #VU41989

Risk: Medium

CVSSv3.1:

CVE-ID: CVE-2020-8203

CWE-ID: CWE-94 - Improper Control of Generation of Code ('Code Injection')

Exploit availability: No

Description

The disclosed vulnerability allows a remote attacker to perform cross-site scripting (XSS) attacks.

The vulnerability exists due to insufficient sanitization of user-supplied data when using _.zipObjectDeep in lodash. A remote attacker can inject and execute arbitrary script code.

Successful exploitation of this vulnerability may allow a remote attacker to steal potentially sensitive information, change appearance of the web page, perform phishing and drive-by-download attacks.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Oracle Blockchain Platform: before 21.1.2


CPE2.3
External links

http://www.oracle.com/security-alerts/cpuapr2022.html?952583

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

6) Improper Authorization

EUVDB-ID: #VU19562

Risk: Low

CVSSv3.1:

CVE-ID: CVE-2019-13565

CWE-ID: CWE-285 - Improper Authorization

Exploit availability: No

Description

The vulnerability allows a remote attacker to escalate privileges.
The vulnerability exists due to incorrect processing of SASL authentication and session encryption in OpenLDAP. After the first SASL bind is completed, the sasl_ssf value is retained for all new non-SASL connections, allowing to bypass ACLs and obtain access by performing simple binds.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Oracle Blockchain Platform: before 21.1.2


CPE2.3
External links

http://www.oracle.com/security-alerts/cpuapr2022.html?952583

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

7) Resource exhaustion

EUVDB-ID: #VU27513

Risk: Medium

CVSSv3.1:

CVE-ID: CVE-2020-11612

CWE-ID: CWE-400 - Resource exhaustion

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to application does not properly control consumption of internal resources within ZlibDecoders in Netty while decoding a ZlibEncoded byte stream. A remote attacker can trigger resource exhaustion by passing an overly large ZlibEncoded byte stream to the Netty server, forcing the server to allocate all of its free memory to a single decoder.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Oracle Blockchain Platform: before 21.1.2


CPE2.3
External links

http://www.oracle.com/security-alerts/cpuapr2022.html?952583

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

8) Resource management error

EUVDB-ID: #VU48779

Risk: Medium

CVSSv3.1:

CVE-ID: CVE-2020-17527

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

Description

The vulnerability allows a remote attacker to gain access to sensitive information.

The vulnerability exists due to improper management of internal resources within the application when processing HTTP/2 requests in Apache Tomcat. The web server can re-use an HTTP request header value from the previous stream received on an HTTP/2 connection for the request associated with the subsequent stream. As a result a remote attacker can obtain sensitive information from another HTTP request.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Oracle Blockchain Platform: before 21.1.2


CPE2.3
External links

http://www.oracle.com/security-alerts/cpuapr2022.html?952583

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

9) Information disclosure

EUVDB-ID: #VU24240

Risk: Low

CVSSv3.1:

CVE-ID: CVE-2019-12399

CWE-ID: CWE-200 - Information Exposure

Exploit availability: No

Description

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists due to excessive data output within the Apache Kafka Connect REST API tasks endpoint. A remote authenticated user can issue a request to the same Connect cluster to obtain the connector's task configurations and the response will contain the plaintext secret.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Oracle Blockchain Platform: before 21.1.2


CPE2.3
External links

http://www.oracle.com/security-alerts/cpuapr2022.html?952583

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

10) Comparison using wrong factors

EUVDB-ID: #VU49086

Risk: High

CVSSv3.1:

CVE-ID: CVE-2020-28052

CWE-ID: CWE-1025 - Comparison using wrong factors

Exploit availability: Yes

Description

The vulnerability allows a remote attacker to brute-force password hashes.

The vulnerability exists due to comparison error in OpenBSDBCrypt.checkPassword() function in core/src/main/java/org/bouncycastle/crypto/generators/OpenBSDBCrypt.java when matching passwords with hashes. A remote attacker can pass an incorrect password that will be accepted as a valid one by the library, bypass authentication process and gain unauthorized access to the application that uses vulnerable version of Bouncy Castle.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Oracle Blockchain Platform: before 21.1.2


CPE2.3
External links

http://www.oracle.com/security-alerts/cpuapr2022.html?952583

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

11) Deserialization of Untrusted Data

EUVDB-ID: #VU47105

Risk: High

CVSSv3.1:

CVE-ID: CVE-2020-24750

CWE-ID: CWE-502 - Deserialization of Untrusted Data

Exploit availability: Yes

Description

The vulnerability allows a remote non-authenticated attacker to execute arbitrary code.

FasterXML jackson-databind 2.x before 2.9.10.6 mishandles the interaction between serialization gadgets and typing, related to com.pastdev.httpcomponents.configuration.JndiConfiguration. A remote attacker can execute arbitrary code on the target system.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Oracle Blockchain Platform: before 21.1.2


CPE2.3
External links

http://www.oracle.com/security-alerts/cpuapr2022.html?952583

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

12) Buffer overflow

EUVDB-ID: #VU28539

Risk: High

CVSSv3.1:

CVE-ID: CVE-2020-8174

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error within napi_get_value_string_latin1(), napi_get_value_string_utf8(), or napi_get_value_string_utf16() functions. A remote attacker can create a specially crafted data to the application, trigger memory corruption and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Oracle Blockchain Platform: before 21.1.2


CPE2.3
External links

http://www.oracle.com/security-alerts/cpuapr2022.html?952583

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

13) Improper input validation

EUVDB-ID: #VU55044

Risk: High

CVSSv3.1:

CVE-ID: CVE-2021-2351

CWE-ID: CWE-20 - Improper Input Validation

Exploit availability: No

Description

The vulnerability allows a remote non-authenticated attacker to execute arbitrary code.

The vulnerability exists due to improper input validation within the Advanced Networking Option in Oracle Database Server. A remote non-authenticated attacker can exploit this vulnerability to execute arbitrary code.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Oracle Blockchain Platform: 21.1.2


CPE2.3 External links

http://www.oracle.com/security-alerts/cpuapr2022.html?952583

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

14) Code Injection

EUVDB-ID: #VU25726

Risk: High

CVSSv3.1:

CVE-ID: CVE-2020-5245

CWE-ID: CWE-94 - Improper Control of Generation of Code ('Code Injection')

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to improper input validation. A remote authenticated attacker can inject arbitrary Java Expression Language expressions when using the self-validating feature and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Oracle Blockchain Platform: before 21.1.2


CPE2.3
External links

http://www.oracle.com/security-alerts/cpuapr2022.html?952583

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

15) Off-by-one

EUVDB-ID: #VU53543

Risk: High

CVSSv3.1:

CVE-ID: CVE-2021-23017

CWE-ID: CWE-193 - Off-by-one Error

Exploit availability: Yes

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to an off-by-one error within the ngx_resolver_copy() function when processing DNS responses. A remote attacker can trigger an off-by-one error, write a dot character (‘.’, 0x2E) out of bounds in a heap allocated buffer and execute arbitrary code on the system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

The vulnerability can be triggered by a DNS response in reply to a DNS request from nginx when the resolver primitive is configured. A specially crafted packet allows overwriting the least significant byte of next heap chunk metadata with 0x2E.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Oracle Blockchain Platform: before 21.1.2


CPE2.3
External links

http://www.oracle.com/security-alerts/cpuapr2022.html?952583

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?



###SIDEBAR###