CVE-2013-5795 : Unspecified vulnerability in the Oracle Demantra Demand Management component in

Unspecified vulnerability in the Oracle Demantra Demand Management component in Oracle Supply Chain Products Suite 7.2.0.3 SQL-Server, 7.3.0, 7.3.1, 12.2.1, 12.2.2, and 12.2.3 allows remote attackers to affect confidentiality via unknown vectors related to DM Others.

Published 2014-01-15 16:11:05

Updated 2025-04-11 00:51:22

Source Oracle

View at NVD, CVE.org

Products affected by CVE-2013-5795

Oracle » Supply Chain Products Suite » Version: 7.2.0.3
cpe:2.3:a:oracle:supply_chain_products_suite:7.2.0.3:*:*:*:*:*:*:*
Matching versions
Oracle » Supply Chain Products Suite Sql-server » Version: 12.2.3
cpe:2.3:a:oracle:supply_chain_products_suite_sql-server:12.2.3:*:*:*:*:*:*:*
Matching versions
Oracle » Supply Chain Products Suite Sql-server » Version: 12.2.1
cpe:2.3:a:oracle:supply_chain_products_suite_sql-server:12.2.1:*:*:*:*:*:*:*
Matching versions
Oracle » Supply Chain Products Suite Sql-server » Version: 12.2.2
cpe:2.3:a:oracle:supply_chain_products_suite_sql-server:12.2.2:*:*:*:*:*:*:*
Matching versions
Oracle » Supply Chain Products Suite Sql-server » Version: 7.3.0
cpe:2.3:a:oracle:supply_chain_products_suite_sql-server:7.3.0:*:*:*:*:*:*:*
Matching versions
Oracle » Supply Chain Products Suite Sql-server » Version: 7.3.1
cpe:2.3:a:oracle:supply_chain_products_suite_sql-server:7.3.1:*:*:*:*:*:*:*
Matching versions

Exploit prediction scoring system (EPSS) score for CVE-2013-5795

EPSS FAQ

74.84%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 99 %

Percentile, the proportion of vulnerabilities that are scored at or less

Metasploit modules for CVE-2013-5795

Oracle Demantra Database Credentials Leak

Disclosure Date: 2014-02-28

First seen: 2020-04-26

auxiliary/scanner/http/oracle_demantra_database_credentials_leak

This module exploits a database credentials leak found in Oracle Demantra 12.2.1 in combination with an authentication bypass. This way an unauthenticated user can retrieve the database name, username and password on any vulnerable machine. Authors: - Oliver Gruskov

More information

CVSS scores for CVE-2013-5795

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source	First Seen
5.0	MEDIUM	AV:N/AC:L/Au:N/C:P/I:N/A:N	10.0	2.9	NIST
Access Vector: Network Access Complexity: Low Authentication: None Confidentiality Impact: Partial Integrity Impact: None Availability Impact: None

References for CVE-2013-5795

http://www.securitytracker.com/id/1029620

Oracle Supply Chain Products Suite Lets Remote Users Access and Modify Data and Remote Authenticated Users Deny Service - SecurityTracker

CVEs referencing this url
http://osvdb.org/102096
http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html

Oracle Critical Patch Update - January 2014
Vendor Advisory

CVEs referencing this url
http://www.securityfocus.com/bid/64758

RETIRED: Oracle January 2014 Critical Patch Update Multiple Vulnerabilities

CVEs referencing this url
http://secunia.com/advisories/56474

Sign in

CVEs referencing this url
http://www.securityfocus.com/bid/64846

Oracle Supply Chain Products Suite CVE-2013-5795 Remote Security Vulnerability

Jump to

Vulnerability Details : CVE-2013-5795

Products affected by CVE-2013-5795

Exploit prediction scoring system (EPSS) score for CVE-2013-5795

Metasploit modules for CVE-2013-5795

Oracle Demantra Database Credentials Leak

CVSS scores for CVE-2013-5795

References for CVE-2013-5795