Vulnerabilities > CVE-2013-3624 - Cryptographic Issues vulnerability in Baramundi Management Suite

047910
CVSS 0.0 - NONE
Attack vector
UNKNOWN
Attack complexity
UNKNOWN
Privileges required
UNKNOWN
Confidentiality impact
UNKNOWN
Integrity impact
UNKNOWN
Availability impact
UNKNOWN
baramundi
CWE-310
NVD
Published: 2013-10-03
Updated: 2024-11-21

Summary

The OS deployment feature in Baramundi Management Suite 7.5 through 8.9 stores credentials in cleartext on deployed machines, which allows remote attackers to obtain sensitive information by reading a file. NOTE: this ID was also incorrectly mapped to a separate issue in Oracle Outside In, but the correct ID for that issue is CVE-2013-5763.

Vulnerable Configurations

Part Description Count
Application
Baramundi
11

Common Weakness Enumeration (CWE)

Common Attack Pattern Enumeration and Classification (CAPEC)

  • Signature Spoofing by Key Recreation
    An attacker obtains an authoritative or reputable signer's private signature key by exploiting a cryptographic weakness in the signature algorithm or pseudorandom number generation and then uses this key to forge signatures from the original signer to mislead a victim into performing actions that benefit the attacker.

Seebug

bulletinFamilyexploit
descriptionCVE ID:CVE-2013-5763 Oracle Fusion Middleware是一款Oracle公司开发的融合中间件。 Oracle Fusion Middleware中的Oracle Outside In Technology组件存在未明安全漏洞,允许远程攻击者利用漏洞以应用程序上下文执行任意代码,漏洞相关Outside In Maintenance。 该漏洞原来错误的映射到CVE-2013-3624中。 0 Oracle Fusion Middleware 8.4.0 厂商补丁: Oracle ----- 目前厂商已经发布了升级补丁以修复这个安全问题,请到厂商的主页下载: http://www.oracle.com/technetwork/topics/security/cpuoct2013-1899837.html
idSSV:61129
last seen2017-11-19
modified2013-12-16
published2013-12-16
reporterRoot
titleOracle Fusion Middleware Oracle Outside In Technology未明代码执行漏洞

References