CVE-2013-5877 - Remote Security vulnerability in Oracle products
Attack vector | NETWORK |
Attack complexity | LOW |
Privileges required | NONE |
Confidentiality impact | PARTIAL |
Integrity impact | NONE |
Availability impact | NONE |
Summary
Unspecified vulnerability in the Oracle Demantra Demand Management component in Oracle Supply Chain Products Suite 7.2.0.3 SQL-Server, 7.3.0, 7.3.1, 12.2.0, and 12.2.1 allows remote attackers to affect confidentiality via unknown vectors related to DM Others.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | | 5 |
Exploit-Db
description | Oracle Demantra 12.2.1 - Arbitrary File Disclosure. CVE-2013-5877. Webapps exploit for windows platform |
id | EDB-ID:31992 |
last seen | 2016-02-03 |
modified | 2014-03-01 |
published | 2014-03-01 |
reporter | Portcullis |
source | https://www.exploit-db.com/download/31992/ |
title | Oracle Demantra 12.2.1 - Arbitrary File Disclosure |
Metasploit
description | This module exploits a file download vulnerability found in Oracle Demantra 12.2.1 in combination with an authentication bypass. By combining these exposures, an unauthenticated user can retrieve any file on the system by referencing the full file path to any file on a vulnerable machine. |
id | MSF:AUXILIARY/SCANNER/HTTP/ORACLE_DEMANTRA_FILE_RETRIEVAL |
last seen | 2020-05-20 |
modified | 2019-03-05 |
published | 2014-03-27 |
reporter | Rapid7 |
source | https://github.com/rapid7/metasploit-framework/blob/master//modules/auxiliary/scanner/http/oracle_demantra_file_retrieval.rb |
title | Oracle Demantra Arbitrary File Retrieval with Authentication Bypass |
Packetstorm
data source | https://packetstormsecurity.com/files/download/125482/oracledemantra-lfi.txt |
id | PACKETSTORM:125482 |
last seen | 2016-12-05 |
published | 2014-03-01 |
reporter | Oliver Gruskovnjak |
source | https://packetstormsecurity.com/files/125482/Oracle-Demantra-12.2.1-Arbitrary-File-Retrieval.html |
title | Oracle Demantra 12.2.1 Arbitrary File Retrieval |