• Services
    • Assess
      • Compromise Assessment
      • APT Assessment
      • Penetration Testing
      • Secure Architecture Design & Review
      • Red Team Assessment
      • Purple Team Assessment
      • Social Engineering
      • Source Code Review
    • Transform
      • SOC Consultancy
      •     SOC Maturity Assessment
      •     SOC Model Evaluation
      •     SOC Gap Analysis
      •     SIEM Gap Analysis
      •     SIEM Optimization
      •     SOC Content Pack
    • Train
      • Security Awareness and Training
      • Tabletop Exercise
      • Simulated Cyber Attack Exercises
    • Respond
      • Incident Response
      • Incident Analysis
  • Managed Security
    • Managed Security Monitoring
      • Remote SOC
      • Onsite SOC
      • Hybrid SOC
    • Managed Security Services
      • Managed Detection and Response
      • Managed Endpoint Detection and Response
      • Managed Threat Intelligence
      • Managed Threat Hunting
      • Managed Risk-Based SOAR
      • Managed Penetration Testing
  • Solutions
  • Resources
    • Blog
    • Press Release
    • Threat Advisory
  • Company
    • About Us
    • Careers
    • Contact
Rewterz Threat Advisory – Oracle Solaris Multiple Third Party Components Multiple Vulnerabilities
April 17, 2019
Rewterz Threat Advisory – Oracle Solaris Multiple Third Party Components Multiple Vulnerabilities
April 17, 2019

Rewterz Threat Advisory – Oracle Primavera P6 Enterprise Project Portfolio Management Multiple Vulnerabilities

April 17, 2019

Severity

High

Analysis Summary

Multiple vulnerabilities have been reported in Oracle Primavera P6 Enterprise Project Portfolio Management, which may lead to disclosure of sensitive information and security bypass, if exploited.
 

CVE-2018-0734
The OpenSSL DSA signature algorithm has been shown to be vulnerable to a timing side channel attack. Variations in the signing algorithm can be used by an attacker to recover the private key. 
 

CVE-2016-1000031
Apache Commons FileUpload before 1.3.3 DiskFileItem File Manipulation Remote Code Execution

CVE-2018-0735
The OpenSSL ECDSA signature algorithm has been shown to be vulnerable to a timing side channel attack. An attacker could use variations in the signing algorithm to recover the private key. 

Impact

  • Exposure of sensitive information 
  • Security Bypass 
  • Other Unknown impact

Affected Vendors

Oracle

Affected Products

Oracle Primavera P6 Enterprise Project Portfolio Management 8.4

Remediation

Apply update.

https://support.oracle.com/rs?type=doc&id=2512516.1

Additional Information:

CVE-2018-0734

Fixed in OpenSSL 1.1.1a (Affected 1.1.1)

Fixed in OpenSSL 1.1.0j (Affected 1.1.0-1.1.0i)

Fixed in OpenSSL 1.0.2q (Affected 1.0.2-1.0.2p)

CVE-2018-0735

Fixed in OpenSSL 1.1.0j (Affected 1.1.0-1.1.0i)

Fixed in OpenSSL 1.1.1a (Affected 1.1.1)

  • Services
    • Assess
      • Compromise Assessment
      • APT Assessment
      • Penetration Testing
      • Secure Architecture Design & Review
      • Red Team Assessment
      • Purple Team Assessment
      • Social Engineering
      • Source Code Review
    • Respond
      • Incident Response
      • Incident Analysis
  • Transform
    • SOC Consultancy
    •     SOC Maturity Assessment
    •     SOC Model Evaluation
    •     SOC Gap Analysis
    •     SIEM Gap Analysis
    •     SIEM Optimization
    •     SOC Content Pack
  • Train
    • Security Awareness and Training
    • Tabletop Exercise
    • Simulated Cyber Attack Exercises
  • Managed Security
    • Managed Security Monitoring
      • Remote SOC
      • Onsite SOC
      • Hybrid SOC
    • Managed Security Services
      • Managed Detection and Response
      • Managed Endpoint Detection and Response
      • Managed Threat Intelligence
      • Managed Threat Hunting
      • Managed Risk-Based SOAR
      • Managed Penetration Testing
  • Solutions
  • Resources
    • Blog
    • Threat Advisory
  • Company
    • About Us
    • Careers
    • Contact
COPYRIGHT © REWTERZ. ALL RIGHTS RESERVED.