Vulnerabilities > CVE-2013-0358 - SQL Injection vulnerability in Oracle products

CVSS 4.3 - MEDIUM

Attack vector

NETWORK

Attack complexity

MEDIUM

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

PARTIAL

Availability impact

NONE

network

oracle

nessus

NVD

Published: 2013-01-17

Updated: 2013-10-11

Summary

Unspecified vulnerability in the Enterprise Manager Base Platform component in Oracle Enterprise Manager Grid Control EM Base Platform 10.2.0.5 and 11.1.0.1; EM DB Control 10.2.0.3, 10.2.0.4, 10.2.0.5, 11.1.0.7, 11.2.0.2, and 11.2.0.3; and EM Plugin for DB 12.1.0.1 and 12.1.0.2 allows remote attackers to affect integrity via unknown vectors related to Resource Manager.

Vulnerable Configurations

Part	Description	Count
Application	Oracle Oracle Enterprise Manager Database Control 10.2.0.3 Oracle Enterprise Manager Database Control 10.2.0.4 Oracle Enterprise Manager Database Control 10.2.0.5 Oracle Enterprise Manager Database Control 11.1.0.7 Oracle Enterprise Manager Database Control 11.2.0.2 Oracle Enterprise Manager Database Control 11.2.0.3 Oracle Enterprise Manager Grid Control 10.2.0.5 Oracle Enterprise Manager Grid Control 11.1.0.1 Oracle Enterprise Manager Plugin FOR Database Control 12.1.0.1 Oracle Enterprise Manager Plugin FOR Database Control 12.1.0.2	10

Nessus

NASL family	Databases
NASL id	ORACLE_RDBMS_CPU_JAN_2013.NASL
description	The remote Oracle database server is missing the January 2013 Critical Patch Update (CPU) and is, therefore, potentially affected by security issues in the following components : - Oracle Spatial - Enterprise Manager Base Platform
last seen	2020-06-02
modified	2013-01-18
plugin id	63623
published	2013-01-18
reporter	This script is Copyright (C) 2013-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/63623
title	Oracle Database Multiple Vulnerabilities (January 2013 CPU)
code	# # (C) Tenable Network Security, Inc. # include("compat.inc"); if (description) { script_id(63623); script_version("1.20"); script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/01"); script_cve_id( "CVE-2012-3219", "CVE-2012-3220", "CVE-2012-5062", "CVE-2013-0352", "CVE-2013-0353", "CVE-2013-0354", "CVE-2013-0355", "CVE-2013-0358", "CVE-2013-0372", "CVE-2013-0373", "CVE-2013-0374" ); script_bugtraq_id( 57336, 57349, 57354, 57361, 57365, 57368, 57370, 57372, 57373, 57378, 57382 ); script_name(english:"Oracle Database Multiple Vulnerabilities (January 2013 CPU)"); script_summary(english:"Checks installed patch info"); script_set_attribute(attribute:"synopsis", value: "The remote database server is affected by multiple vulnerabilities."); script_set_attribute(attribute:"description", value: "The remote Oracle database server is missing the January 2013 Critical Patch Update (CPU) and is, therefore, potentially affected by security issues in the following components : - Oracle Spatial - Enterprise Manager Base Platform"); script_set_attribute(attribute:"see_also", value:"https://www.securityfocus.com/archive/1/525775/30/0/threaded"); script_set_attribute(attribute:"see_also", value:"https://www.securityfocus.com/archive/1/525776/30/0/threaded"); script_set_attribute(attribute:"see_also", value:"https://www.securityfocus.com/archive/1/525779/30/0/threaded"); script_set_attribute(attribute:"see_also", value:"https://www.securityfocus.com/archive/1/525782/30/0/threaded"); script_set_attribute(attribute:"see_also", value:"https://www.securityfocus.com/archive/1/525783/30/0/threaded"); script_set_attribute(attribute:"see_also", value:"https://www.securityfocus.com/archive/1/525784/30/0/threaded"); script_set_attribute(attribute:"see_also", value:"https://www.securityfocus.com/archive/1/525786/30/0/threaded"); # http://www.oracle.com/technetwork/topics/security/cpujan2013-1515902.html script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?b56cce0c"); script_set_attribute(attribute:"solution", value: "Apply the appropriate patch according to the January 2013 Oracle Critical Patch Update advisory."); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:S/C:C/I:C/A:C"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_attribute(attribute:"cvss_score_source", value:"CVE-2012-3220"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"exploit_available", value:"false"); script_set_attribute(attribute:"vuln_publication_date", value:"2013/01/15"); script_set_attribute(attribute:"patch_publication_date", value:"2013/01/15"); script_set_attribute(attribute:"plugin_publication_date", value:"2013/01/18"); script_set_attribute(attribute:"plugin_type", value:"combined"); script_set_attribute(attribute:"cpe", value:"cpe:/a:oracle:database_server"); script_set_attribute(attribute:"agent", value:"all"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_family(english:"Databases"); script_copyright(english:"This script is Copyright (C) 2013-2020 and is owned by Tenable, Inc. or an Affiliate thereof."); script_dependencies("oracle_rdbms_query_patch_info.nbin", "oracle_rdbms_patch_info.nbin"); exit(0); } include("oracle_rdbms_cpu_func.inc"); ################################################################################ # JAN2013 patches = make_nested_array(); # RDBMS 11.1.0.7 patches["11.1.0.7"]["db"]["nix"] = make_array("patch_level", "11.1.0.7.14", "CPU", "14841452, 14739378"); patches["11.1.0.7"]["db"]["win32"] = make_array("patch_level", "11.1.0.7.51", "CPU", "15848066"); patches["11.1.0.7"]["db"]["win64"] = make_array("patch_level", "11.1.0.7.51", "CPU", "15848067"); # RDBMS 11.2.0.2 patches["11.2.0.2"]["db"]["nix"] = make_array("patch_level", "11.2.0.2.9", "CPU", "14841437, 14727315"); patches["11.2.0.2"]["db"]["win32"] = make_array("patch_level", "11.2.0.2.23", "CPU", "16100398"); patches["11.2.0.2"]["db"]["win64"] = make_array("patch_level", "11.2.0.2.23", "CPU", "16100399"); # RDBMS 11.2.0.3 patches["11.2.0.3"]["db"]["nix"] = make_array("patch_level", "11.2.0.3.5", "CPU", "14841409, 14727310"); patches["11.2.0.3"]["db"]["win32"] = make_array("patch_level", "11.2.0.3.15", "CPU", "16042647"); patches["11.2.0.3"]["db"]["win64"] = make_array("patch_level", "11.2.0.3.15", "CPU", "16042648"); # RDBMS 10.2.0.5 patches["10.2.0.5"]["db"]["nix"] = make_array("patch_level", "10.2.0.5.10", "CPU", "14841459, 14727319"); patches["10.2.0.5"]["db"]["win32"] = make_array("patch_level", "10.2.0.5.20", "CPU", "15848060"); patches["10.2.0.5"]["db"]["win64"] = make_array("patch_level", "10.2.0.5.20", "CPU", "15848062"); # RDBMS 10.2.0.4 patches["10.2.0.4"]["db"]["nix"] = make_array("patch_level", "10.2.0.4.15", "CPU", "14841471, 14736542"); check_oracle_database(patches:patches, high_risk:TRUE);

Summary

Vulnerable Configurations

Nessus

References