ID CVE-2013-5795
Summary Unspecified vulnerability in the Oracle Demantra Demand Management component in Oracle Supply Chain Products Suite 7.2.0.3 SQL-Server, 7.3.0, 7.3.1, 12.2.1, 12.2.2, and 12.2.3 allows remote attackers to affect confidentiality via unknown vectors related to DM Others.
References
Vulnerable Configurations
  • Oracle Supply Chain Products Suite SQL-Server 12.2.3
    cpe:2.3:a:oracle:supply_chain_products_suite_sql-server:12.2.3
  • Oracle Supply Chain Products Suite 7.2.0.3
    cpe:2.3:a:oracle:supply_chain_products_suite:7.2.0.3
  • Oracle Supply Chain Products Suite SQL-Server 7.3.0
    cpe:2.3:a:oracle:supply_chain_products_suite_sql-server:7.3.0
  • Oracle Supply Chain Products Suite SQL-Server 7.3.1
    cpe:2.3:a:oracle:supply_chain_products_suite_sql-server:7.3.1
  • Oracle Supply Chain Products Suite SQL-Server 12.2.1
    cpe:2.3:a:oracle:supply_chain_products_suite_sql-server:12.2.1
  • Oracle Supply Chain Products Suite SQL-Server 12.2.2
    cpe:2.3:a:oracle:supply_chain_products_suite_sql-server:12.2.2
CVSS
Base: 5.0 (as of 16-01-2014 - 13:12)
Impact:
Exploitability:
Access
VectorComplexityAuthentication
NETWORK LOW NONE
Impact
ConfidentialityIntegrityAvailability
PARTIAL NONE NONE
exploit-db via4
description Oracle Demantra 12.2.1 - Database Credentials Disclosure. CVE-2013-5795. Webapps exploit for windows platform
id EDB-ID:31995
last seen 2016-02-03
modified 2014-03-01
published 2014-03-01
reporter Portcullis
source https://www.exploit-db.com/download/31995/
title Oracle Demantra 12.2.1 - Database Credentials Disclosure
metasploit via4
description This module exploits a database credentials leak found in Oracle Demantra 12.2.1 in combination with an authentication bypass. This way an unauthenticated user can retrieve the database name, username and password on any vulnerable machine.
id MSF:AUXILIARY/SCANNER/HTTP/ORACLE_DEMANTRA_DATABASE_CREDENTIALS_LEAK
last seen 2019-03-27
modified 2019-03-05
published 2014-04-07
reliability Normal
reporter Rapid7
source https://github.com/rapid7/metasploit-framework/blob/master/modules/auxiliary/scanner/http/oracle_demantra_database_credentials_leak.rb
title Oracle Demantra Database Credentials Leak
packetstorm via4
data source https://packetstormsecurity.com/files/download/125484/oracledemantra-leak.txt
id PACKETSTORM:125484
last seen 2016-12-05
published 2014-03-02
reporter Oliver Gruskovnjak
source https://packetstormsecurity.com/files/125484/Oracle-Demantra-12.2.1-Database-Credential-Leak.html
title Oracle Demantra 12.2.1 Database Credential Leak
refmap via4
bid
  • 64758
  • 64846
confirm http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html
osvdb 102096
sectrack 1029620
secunia 56474
Last major update 27-01-2014 - 23:56
Published 15-01-2014 - 11:11
Back to Top