Vulnerabilities > CVE-2013-5880 - Remote Security vulnerability in Oracle Supply Chain products Suite 12.2.0/12.2.1/12.2.2
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
PARTIAL Integrity impact
NONE Availability impact
NONE Summary
Unspecified vulnerability in the Oracle Demantra Demand Management component in Oracle Supply Chain Products Suite 12.2.0, 12.2.1, and 12.2.2 allows remote attackers to affect confidentiality via unknown vectors related to DM Others.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | 3 |
Exploit-Db
| description | Oracle Supply Chain Products Suite Remote Security Vulnerability. CVE-2013-5880. Remote exploits for multiple platform |
| id | EDB-ID:39018 |
| last seen | 2016-02-04 |
| modified | 2014-01-14 |
| published | 2014-01-14 |
| reporter | Oracle |
| source | https://www.exploit-db.com/download/39018/ |
| title | Oracle Supply Chain Products Suite Remote Security Vulnerability |
Metasploit
description This module exploits a database credentials leak found in Oracle Demantra 12.2.1 in combination with an authentication bypass. This way an unauthenticated user can retrieve the database name, username and password on any vulnerable machine. id MSF:AUXILIARY/SCANNER/HTTP/ORACLE_DEMANTRA_DATABASE_CREDENTIALS_LEAK last seen 2020-05-24 modified 2019-03-05 published 2014-04-07 references - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5795
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5880
- https://www.portcullis-security.com/security-research-and-downloads/security-advisories/cve-2013-5795/
- https://www.portcullis-security.com/security-research-and-downloads/security-advisories/cve-2013-5880/
reporter Rapid7 source https://github.com/rapid7/metasploit-framework/blob/master//modules/auxiliary/scanner/http/oracle_demantra_database_credentials_leak.rb title Oracle Demantra Database Credentials Leak description This module exploits a file download vulnerability found in Oracle Demantra 12.2.1 in combination with an authentication bypass. By combining these exposures, an unauthenticated user can retrieve any file on the system by referencing the full file path to any file a vulnerable machine. id MSF:AUXILIARY/SCANNER/HTTP/ORACLE_DEMANTRA_FILE_RETRIEVAL last seen 2020-05-20 modified 2019-03-05 published 2014-03-27 references - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5877
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5880
- https://www.portcullis-security.com/security-research-and-downloads/security-advisories/cve-2013-5877/
- https://www.portcullis-security.com/security-research-and-downloads/security-advisories/cve-2013-5880/
reporter Rapid7 source https://github.com/rapid7/metasploit-framework/blob/master//modules/auxiliary/scanner/http/oracle_demantra_file_retrieval.rb title Oracle Demantra Arbitrary File Retrieval with Authentication Bypass
Packetstorm
| data source | https://packetstormsecurity.com/files/download/125483/oracledemantra-bypass.txt |
| id | PACKETSTORM:125483 |
| last seen | 2016-12-05 |
| published | 2014-03-02 |
| reporter | Oliver Gruskovnjak |
| source | https://packetstormsecurity.com/files/125483/Oracle-Demantra-12.2.1-Authentication-Bypass.html |
| title | Oracle Demantra 12.2.1 Authentication Bypass |