Vulnerabilities > CVE-2013-3749 - Remote Password Disclosure vulnerability in Oracle E-Business Suite 11.5.10.2/12.0.6/12.1.3
Attack vector
NETWORK Attack complexity
MEDIUM Privileges required
SINGLE Confidentiality impact
PARTIAL Integrity impact
NONE Availability impact
NONE Summary
Unspecified vulnerability in the Oracle Application Object Library component in Oracle E-Business Suite 11.5.10.2, 12.0.6, and 12.1.3 allows remote authenticated users to affect confidentiality via unknown vectors related to Logging. NOTE: the previous information is from the July 2013 CPU. Oracle has not commented on claims from a third party that the issue is due to storage of credentials in the (1) FND_LOG_MESSAGES database table or (2) log files by "native login pages."
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | 3 |
Nessus
| NASL family | Misc. |
| NASL id | ORACLE_E-BUSINESS_CPU_JUL_2013.NASL |
| description | The version of Oracle E-Business installed on the remote host is missing the July 2013 Critical Patch Update (CPU). It is, therefore, affected by security issues in the following components : - Oracle Landed Cost Management - Oracle Application Object Library - Oracle Applications Technology Stack - Oracle iSupplier Portal - Oracle Applications Technology Stack |
| last seen | 2020-06-01 |
| modified | 2020-06-02 |
| plugin id | 70178 |
| published | 2013-09-27 |
| reporter | This script is Copyright (C) 2013-2018 Tenable Network Security, Inc. |
| source | https://www.tenable.com/plugins/nessus/70178 |
| title | Oracle E-Business (July 2013 CPU) |
References
- http://osvdb.org/95286
- http://secunia.com/advisories/54222
- http://www.kb.cert.org/vuls/id/826463
- http://www.oracle.com/technetwork/topics/security/cpujuly2013-1899826.html
- http://www.securityfocus.com/bid/61268
- http://www.securitytracker.com/id/1028799
- https://exchange.xforce.ibmcloud.com/vulnerabilities/85673