Cumulative SB for Oracle April 2020 - Advisories
- patches available

In focus:
- BaseScore >= 8 AND
- Attack_Vector == Network AND
- Attack Complexity in (mid, low) AND
- Privs Required == None AND
- User Interaction == None

Special attention must be given if PoCs emerge for the MySQL and WebLogic vulnerabilities (none so far as of 2020-04-16).
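The focus filter listed above can be applied mechanically to an advisory's risk matrix. The following is an added example, not part of the original bulletin: it assumes each row carries a base score and a CVSS v3.x vector string, and the sample rows and their `CVE-XXXX-…` IDs are constructed placeholders.

```python
# Added example: apply the bulletin's "in focus" criteria to (id, score, vector) rows.
FOCUS_MIN_SCORE = 8.0
# CVSS v3.x only defines AC:L and AC:H; "M" is also accepted (assumption) so that
# CVSS v2-style "Medium" data matches the bulletin's "mid".
FOCUS_AC = {"L", "M"}
REQUIRED = {"AV", "AC", "PR", "UI"}


def parse_vector(vector):
    """Split a CVSS vector string into a {metric: value} dict."""
    metrics = {}
    for part in vector.strip().split("/"):
        key, sep, value = part.partition(":")
        if not (sep and key and value):
            raise ValueError(f"malformed CVSS component: {part!r}")
        if key == "CVSS":  # version prefix such as CVSS:3.0
            continue
        if key in metrics:
            raise ValueError(f"duplicate CVSS metric: {key}")
        metrics[key] = value
    return metrics


def in_focus(score, vector):
    """True if a finding meets all five focus criteria."""
    m = parse_vector(vector)
    missing = REQUIRED - m.keys()
    if missing:
        raise ValueError(f"vector lacks metrics: {sorted(missing)}")
    return (score >= FOCUS_MIN_SCORE and m["AV"] == "N" and m["AC"] in FOCUS_AC
            and m["PR"] == "N" and m["UI"] == "N")


def focus_ids(rows):
    """Return the IDs of all rows that are in focus, preserving input order."""
    return [cve for cve, score, vector in rows if in_focus(score, vector)]


# Constructed sample rows (placeholder IDs, not taken from the advisory).
SAMPLE_ROWS = [
    ("CVE-XXXX-0001", 9.8, "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"),
    ("CVE-XXXX-0002", 8.8, "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"),  # privileges required
    ("CVE-XXXX-0003", 8.1, "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"),  # high complexity
    ("CVE-XXXX-0004", 7.5, "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"),  # score below 8
    ("CVE-XXXX-0005", 8.4, "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"),  # local vector
    ("CVE-XXXX-0006", 8.2, "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H"),
]

if __name__ == "__main__":
    print(focus_ids(SAMPLE_ROWS))
```

Rows with a truncated or malformed vector raise `ValueError` instead of silently dropping out of the triage list.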
Critical CVEs with a high number of instances found

| CVE | Product | CVSS | Instances Found |
|---|---|---|---|
| CVE-2019-5482 | MySQL Server | 9.8 | 5.100.000 |
| CVE-2019-13990 | Oracle Fusion Middleware | 9.8 | 15.000 |
| CVE-2019-17571 | Oracle WebLogic Server | 9.8 | 24.000 |
| CVE-2020-2801 | Oracle WebLogic Server | 9.8 | 24.000 |
| CVE-2020-2883 | Oracle WebLogic Server | 9.8 | 24.000 |
| CVE-2020-2884 | Oracle WebLogic Server | 9.8 | 24.000 |
| CVE-2020-2867 | Oracle WebLogic Server | 8.2 | 24.000 |
| CVE-2020-2733 | JD Edwards EnterpriseOne Tools | 9.8 | 350 |

Critical CVEs with a low number of instances found

| CVE | Product | CVSS | Instances Found |
|---|---|---|---|
| CVE-2020-2950, CVE-2016-1000031 | Oracle Business Intelligence Enterprise Edition | 9.8 | ??? |
| CVE-2019-16943 | Oracle WebCenter Portal | 9.8 | 130 |
| CVE-2019-15606 | Oracle GraalVM Enterprise Edition | 9.8 | ?? |
| CVE-2020-2791 | Oracle Knowledge | 9.8 | ??? |
| CVE-2016-1000031 | Oracle Knowledge | 9.8 | ??? |
| CVE-2020-2931 | Oracle Knowledge | 9.8 | ??? |
Questions? Contact: info@zero.bs