Multiple vulnerabilities affecting Oracle Application Testing Suite

Technology firm Oracle recently released a report publicly disclosing multiple security vulnerabilities in Oracle Application Testing Suite. The flaws vary in severity, although the web application security report lists at least one issue rated critical.

The first entry concerns a vulnerability, tracked as CVE-2016-4000, in the Oracle Flow Builder component of the Enterprise Manager product. The flaw is easily exploitable: an unauthenticated attacker with network access over HTTP could exploit it to take full control of the affected Oracle deployment.

The next flaw is an unspecified vulnerability in Oracle Application Testing Suite, in the Oracle Enterprise Manager Load Testing for Web Apps subcomponent. According to web application security specialists, a remote attacker with network access over HTTP could compromise the Oracle deployment, block threads, or even cause denial-of-service conditions.

Oracle also revealed an unspecified vulnerability in the same Oracle Enterprise Manager Load Testing for Web Apps subcomponent, tracked as CVE-2017-14735. A remote attacker with network access over HTTP who can induce a user to interact with the application could use it to affect additional products beyond the vulnerable component.

The next scenario described by web application security experts involves an unspecified vulnerability in Oracle Application Testing Suite, in the Oracle Enterprise Manager Load Testing (Application Developer Framework) subcomponent. By exploiting this flaw, tracked as CVE-2019-2904, an unauthenticated remote attacker could take full control of Oracle Application Testing Suite.

The Oracle report also lists the vulnerability identified as CVE-2019-11358, which affects the jQuery library used by Oracle Enterprise Manager Oracle Flow Builder. Exploiting it requires human interaction, and a successful attack could affect additional products beyond the vulnerable component.

International Institute of Cyber Security (IICS) web application security specialists note that fixes for all of these flaws are included in Oracle's Critical Patch Update released in early January 2020, so administrators of affected deployments need only install the patch. For further details, refer to the company's official website.