ID CVE-2013-5877
Summary Unspecified vulnerability in the Oracle Demantra Demand Management component in Oracle Supply Chain Products Suite 7.2.0.3 SQL-Server, 7.3.0, 7.3.1, 12.2.0, and 12.2.1 allows remote attackers to affect confidentiality via unknown vectors related to DM Others.
References
Vulnerable Configurations
  • Oracle Supply Chain Products Suite SQL-Server 12.2.0
    cpe:2.3:a:oracle:supply_chain_products_suite_sql-server:12.2.0
  • Oracle Supply Chain Products Suite 7.2.0.3
    cpe:2.3:a:oracle:supply_chain_products_suite:7.2.0.3
  • Oracle Supply Chain Products Suite SQL-Server 7.3.0
    cpe:2.3:a:oracle:supply_chain_products_suite_sql-server:7.3.0
  • Oracle Supply Chain Products Suite SQL-Server 7.3.1
    cpe:2.3:a:oracle:supply_chain_products_suite_sql-server:7.3.1
  • Oracle Supply Chain Products Suite SQL-Server 12.2.1
    cpe:2.3:a:oracle:supply_chain_products_suite_sql-server:12.2.1
CVSS
Base: 5.0 (as of 16-01-2014 - 14:40)
Impact:
Exploitability:
Access
  • Vector: NETWORK
  • Complexity: LOW
  • Authentication: NONE
Impact
  • Confidentiality: PARTIAL
  • Integrity: NONE
  • Availability: NONE
exploit-db via4
description Oracle Demantra 12.2.1 - Arbitrary File Disclosure. CVE-2013-5877. Webapps exploit for windows platform
id EDB-ID:31992
last seen 2016-02-03
modified 2014-03-01
published 2014-03-01
reporter Portcullis
source https://www.exploit-db.com/download/31992/
title Oracle Demantra 12.2.1 - Arbitrary File Disclosure
metasploit via4
description This module exploits a file download vulnerability found in Oracle Demantra 12.2.1 in combination with an authentication bypass. By combining these exposures, an unauthenticated user can retrieve any file on the system by referencing the full file path to any file on a vulnerable machine.
id MSF:AUXILIARY/SCANNER/HTTP/ORACLE_DEMANTRA_FILE_RETRIEVAL
last seen 2019-03-27
modified 2019-03-05
published 2014-03-27
reliability Normal
reporter Rapid7
source https://github.com/rapid7/metasploit-framework/blob/master/modules/auxiliary/scanner/http/oracle_demantra_file_retrieval.rb
title Oracle Demantra Arbitrary File Retrieval with Authentication Bypass
packetstorm via4
data source https://packetstormsecurity.com/files/download/125482/oracledemantra-lfi.txt
id PACKETSTORM:125482
last seen 2016-12-05
published 2014-03-01
reporter Oliver Gruskovnjak
source https://packetstormsecurity.com/files/125482/Oracle-Demantra-12.2.1-Arbitrary-File-Retrieval.html
title Oracle Demantra 12.2.1 Arbitrary File Retrieval
refmap via4
bid
  • 64758
  • 64831
confirm http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html
osvdb 102094
sectrack 1029620
secunia 56474
Last major update 06-02-2014 - 23:50
Published 15-01-2014 - 11:11