Vulnerabilities > CVE-2013-3624 - Cryptographic Issues vulnerability in Baramundi Management Suite

CVSS 7.8 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

COMPLETE

Integrity impact

NONE

Availability impact

NONE

network

low complexity

baramundi

CWE-310

NVD

Published: 2013-10-03

Updated: 2013-12-13

Summary

The OS deployment feature in Baramundi Management Suite 7.5 through 8.9 stores credentials in cleartext on deployed machines, which allows remote attackers to obtain sensitive information by reading a file. NOTE: this ID was also incorrectly mapped to a separate issue in Oracle Outside In, but the correct ID for that issue is CVE-2013-5763.

Vulnerable Configurations

Part	Description	Count
Application	Baramundi Baramundi Management Suite 7.5 Baramundi Management Suite 7.6 Baramundi Management Suite 8.0 Baramundi Management Suite 8.1 Baramundi Management Suite 8.2 Baramundi Management Suite 8.3 Baramundi Management Suite 8.5 Baramundi Management Suite 8.6 Baramundi Management Suite 8.7 Baramundi Management Suite 8.8 Baramundi Management Suite 8.9	11

Common Weakness Enumeration (CWE)

CWE-310 - Cryptographic Issues

Common Attack Pattern Enumeration and Classification (CAPEC)

Signature Spoofing by Key Recreation
An attacker obtains an authoritative or reputable signer's private signature key by exploiting a cryptographic weakness in the signature algorithm or pseudorandom number generation and then uses this key to forge signatures from the original signer to mislead a victim into performing actions that benefit the attacker.

Seebug

bulletinFamily	exploit
description	CVE ID:CVE-2013-5763 Oracle Fusion Middleware是一款Oracle公司开发的融合中间件。 Oracle Fusion Middleware中的Oracle Outside In Technology组件存在未明安全漏洞，允许远程攻击者利用漏洞以应用程序上下文执行任意代码，漏洞相关Outside In Maintenance。该漏洞原来错误的映射到CVE-2013-3624中。 0 Oracle Fusion Middleware 8.4.0 厂商补丁： Oracle ----- 目前厂商已经发布了升级补丁以修复这个安全问题，请到厂商的主页下载： http://www.oracle.com/technetwork/topics/security/cpuoct2013-1899837.html
id	SSV:61129
last seen	2017-11-19
modified	2013-12-16
published	2013-12-16
reporter	Root
title	Oracle Fusion Middleware Oracle Outside In Technology未明代码执行漏洞

References

http://www.kb.cert.org/vuls/id/392654