Nagios Support Forum

Support for Nagios products and services
https://support.nagios.com/forum/

Oracle Security Alert Advisory - CVE-2020-14750

https://support.nagios.com/forum/viewtopic.php?t=60603

Page 1 of 1

Oracle Security Alert Advisory - CVE-2020-14750

Posted: Tue Nov 03, 2020 1:40 pm
by techgeek
Hi Team,

I got notification from my company's Cyber Sec dept that Nagios XI is vulnerable to Oracle Security Alert Advisory - CVE-2020-14750.
I can't find a patch on the oracle site without being a customer it seems - my free account I logged into does not work.

Will Nagios be issuing a patch for this or can you tell me how I can fix? It has only been released in the past 24 hours so appreciate it is new

Re: Oracle Security Alert Advisory - CVE-2020-14750

Posted: Tue Nov 03, 2020 2:16 pm
by benjaminsmith
Hi @techgeek,

The affected product in the CVE description is Oracle WebLogic Server, so it looks like this is not directly related to Nagios XI. If your monitoring Oracle using the XI Wizard does require InstantClient from Oracle to be installed, but it doesn't look like that product is affected by this CVE ( correct me if this not right).

Reference:
https://www.oracle.com/security-alerts/ ... ppendixFMW
All times are UTC-05:00
Page 1 of 1

Powered by phpBB® Forum Software © phpBB Limited