Hi Team,
I got notification from my company's Cyber Sec dept that Nagios XI is vulnerable to Oracle Security Alert Advisory - CVE-2020-14750.
I can't find a patch on the oracle site without being a customer it seems - my free account I logged into does not work.
Will Nagios be issuing a patch for this or can you tell me how I can fix? It has only been released in the past 24 hours so appreciate it is new
Oracle Security Alert Advisory - CVE-2020-14750
-
benjaminsmith
- Posts: 5324
- Joined: Wed Aug 22, 2018 4:39 pm
- Location: saint paul
Re: Oracle Security Alert Advisory - CVE-2020-14750
Hi @techgeek,
The affected product in the CVE description is Oracle WebLogic Server, so it looks like this is not directly related to Nagios XI. If your monitoring Oracle using the XI Wizard does require InstantClient from Oracle to be installed, but it doesn't look like that product is affected by this CVE ( correct me if this not right).
Reference:
https://www.oracle.com/security-alerts/ ... ppendixFMW
The affected product in the CVE description is Oracle WebLogic Server, so it looks like this is not directly related to Nagios XI. If your monitoring Oracle using the XI Wizard does require InstantClient from Oracle to be installed, but it doesn't look like that product is affected by this CVE ( correct me if this not right).
Reference:
https://www.oracle.com/security-alerts/ ... ppendixFMW
As of May 25th, 2018, all communications with Nagios Enterprises and its employees are covered under our new Privacy Policy.
Be sure to check out our Knowledgebase for helpful articles and solutions!
Be sure to check out our Knowledgebase for helpful articles and solutions!