Vulnerabilities > CVE-2013-5795 - Remote Security vulnerability in Oracle products
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
PARTIAL Integrity impact
NONE Availability impact
NONE Summary
Unspecified vulnerability in the Oracle Demantra Demand Management component in Oracle Supply Chain Products Suite 7.2.0.3 SQL-Server, 7.3.0, 7.3.1, 12.2.1, 12.2.2, and 12.2.3 allows remote attackers to affect confidentiality via unknown vectors related to DM Others.
Vulnerable Configurations
Exploit-Db
| description | Oracle Demantra 12.2.1 - Database Credentials Disclosure. CVE-2013-5795. Webapps exploit for windows platform |
| id | EDB-ID:31995 |
| last seen | 2016-02-03 |
| modified | 2014-03-01 |
| published | 2014-03-01 |
| reporter | Portcullis |
| source | https://www.exploit-db.com/download/31995/ |
| title | Oracle Demantra 12.2.1 - Database Credentials Disclosure |
Metasploit
| description | This module exploits a database credentials leak found in Oracle Demantra 12.2.1 in combination with an authentication bypass. This way an unauthenticated user can retrieve the database name, username and password on any vulnerable machine. |
| id | MSF:AUXILIARY/SCANNER/HTTP/ORACLE_DEMANTRA_DATABASE_CREDENTIALS_LEAK |
| last seen | 2020-05-24 |
| modified | 2019-03-05 |
| published | 2014-04-07 |
| references |
|
| reporter | Rapid7 |
| source | https://github.com/rapid7/metasploit-framework/blob/master//modules/auxiliary/scanner/http/oracle_demantra_database_credentials_leak.rb |
| title | Oracle Demantra Database Credentials Leak |
Packetstorm
| data source | https://packetstormsecurity.com/files/download/125484/oracledemantra-leak.txt |
| id | PACKETSTORM:125484 |
| last seen | 2016-12-05 |
| published | 2014-03-02 |
| reporter | Oliver Gruskovnjak |
| source | https://packetstormsecurity.com/files/125484/Oracle-Demantra-12.2.1-Database-Credential-Leak.html |
| title | Oracle Demantra 12.2.1 Database Credential Leak |