Vulnerabilities > CVE-2014-0372 - SQL Injection vulnerability in Oracle products
Attack vector
NETWORK Attack complexity
LOW Privileges required
SINGLE Confidentiality impact
PARTIAL Integrity impact
PARTIAL Availability impact
NONE Summary
Unspecified vulnerability in the Oracle Demantra Demand Management component in Oracle Supply Chain Products Suite 7.2.0.3 SQL-Server, 7.3.0, 7.3.1, 12.2.1, and 12.2.2 allows remote authenticated users to affect confidentiality and integrity via unknown vectors related to DM Others.
Vulnerable Configurations
Exploit-Db
| description | Oracle Demantra 12.2.1 - SQL Injection Vulnerability. CVE-2014-0372. Webapps exploit for windows platform |
| file | exploits/windows/webapps/31993.txt |
| id | EDB-ID:31993 |
| last seen | 2016-02-03 |
| modified | 2014-03-01 |
| platform | windows |
| port | 8080 |
| published | 2014-03-01 |
| reporter | Portcullis |
| source | https://www.exploit-db.com/download/31993/ |
| title | Oracle Demantra 12.2.1 - SQL Injection Vulnerability |
| type | webapps |
Packetstorm
| data source | https://packetstormsecurity.com/files/download/125487/oracledemantra-sql.txt |
| id | PACKETSTORM:125487 |
| last seen | 2016-12-05 |
| published | 2014-03-02 |
| reporter | Oliver Gruskovnjak |
| source | https://packetstormsecurity.com/files/125487/Oracle-Demantra-12.2.1-SQL-Injection.html |
| title | Oracle Demantra 12.2.1 SQL Injection |
References
- http://osvdb.org/102103
- http://secunia.com/advisories/56474
- http://www.exploit-db.com/exploits/31993
- http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html
- http://www.securityfocus.com/archive/1/531316/100/0/threaded
- http://www.securityfocus.com/bid/64758
- http://www.securityfocus.com/bid/64826
- http://www.securitytracker.com/id/1029620