Vulnerability CVE-2013-0372


Published: 2013-01-16   Modified: 2013-01-17

Description:
Unspecified vulnerability in the Enterprise Manager Base Platform component in Oracle Enterprise Manager Grid Control EM Base Platform 11.1.0.1 and 12.1.0.1; EM DB Control 11.1.0.7, 11.2.0.2, and 11.2.0.3; and EM Plugin for DB 12.1.0.2 allows remote attackers to affect integrity via unknown vectors related to Distributed/Cross DB Features.

See advisories in our WLB2 database:
Topic
Author
Date
Med.
Oracle Enterprise Manager advReplicationAdmin SQL Injection
Application Secu...
23.02.2013

Type:

CWE-89

(Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'))

Vendor: Oracle
Product: Enterprise manager plugin for database control 
Version: 12.1.0.2;
Product: Enterprise manager grid control 
Version: 12.1.0.1; 11.1.0.1;
Product: Enterprise manager database control 
Version:
11.2.0.3
11.2.0.2
11.1.0.7

CVSS2 => (AV:N/AC:M/Au:N/C:N/I:P/A:N)

CVSS Base Score
Impact Subscore
Exploitability Subscore
4.3/10
2.9/10
8.6/10
Exploit range
Attack complexity
Authentication
Remote
Medium
No required
Confidentiality impact
Integrity impact
Availability impact
None
Partial
None

 References:
http://www.securityfocus.com/bid/57378
http://www.oracle.com/technetwork/topics/security/cpujan2013-1515902.html
http://www.mandriva.com/security/advisories?name=MDVSA-2013:150
http://marc.info/?l=bugtraq&m=139344343412337&w=2

Related CVE
CVE-2019-2729
Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: Web Services). Supported versions that are affected are 10.3.6.0.0, 12.1.3.0.0 and 12.2.1.3.0. Easily exploitable vulnerability allows unauthenticated at...
CVE-2019-2726
Vulnerability in the Enterprise Manager Ops Center component of Oracle Enterprise Manager Products Suite (subcomponent: Services Integration). The supported version that is affected is 12.3.3. Difficult to exploit vulnerability allows low privileged ...
CVE-2019-2725
Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: Web Services). Supported versions that are affected are 10.3.6.0.0 and 12.1.3.0.0. Easily exploitable vulnerability allows unauthenticated attacker with ...
CVE-2019-2723
Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Supported versions that are affected are Prior to 5.2.28 and prior to 6.0.6. Easily exploitable vulnerability allows low privileged attacker with logon...
CVE-2019-2722
Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Supported versions that are affected are Prior to 5.2.28 and prior to 6.0.6. Easily exploitable vulnerability allows low privileged attacker with logon...
CVE-2019-2721
Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Supported versions that are affected are Prior to 5.2.28 and prior to 6.0.6. Easily exploitable vulnerability allows low privileged attacker with logon...
CVE-2019-2720
Vulnerability in the Oracle Data Integrator component of Oracle Fusion Middleware (subcomponent: ODI Tools). Supported versions that are affected are 11.1.1.9.0 and 12.2.1.3.0. Difficult to exploit vulnerability allows low privileged attacker with ne...
CVE-2019-2719
Vulnerability in the Oracle Knowledge component of Oracle Siebel CRM (subcomponent: Web Applications (InfoCenter)). Supported versions that are affected are 8.5.1.0 - 8.5.1.7, 8.6.0 and 8.6.1. Easily exploitable vulnerability allows unauthenticated a...

Copyright 2019, cxsecurity.com

 

Back to Top