CVE-2013-2397

Unspecified vulnerability in the Oracle Retail Central Office component in Oracle Industry Applications 13.1, 13.2, 13.3, and 13.4 allows remote authenticated users to affect confidentiality and integrity via unknown vectors related to Customer Operations (Add, Search).

CVSS v2.0 5.5 MEDIUM

5.5^/10

CVSS v2.0 : MEDIUM

Vector : AV:N/AC:L/Au:S/C:P/I:P/A:N

Exploitability : 8.0 / Impact : 4.9

Access Vector NETWORK

Access Complexity LOW

Authentication SINGLE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact NONE

References

Link	Resource
http://www.mandriva.com/security/advisories?name=MDVSA-2013:150
http://www.oracle.com/technetwork/topics/security/cpuapr2013-1899555.html	Vendor Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:oracle:industry_applications:13.1:::::::*
	cpe:2.3:a:oracle:industry_applications:13.2:::::::*
	cpe:2.3:a:oracle:industry_applications:13.3:::::::*
	cpe:2.3:a:oracle:industry_applications:13.4:::::::*

History

No history.

Information

Published : 2013-04-17 17:55

Updated : 2024-02-28 12:00

NVD link : CVE-2013-2397

Mitre link : CVE-2013-2397

CVE.ORG link : CVE-2013-2397

JSON object : View

Products Affected

oracle

industry_applications

CWE

NVD-CWE-noinfo

{"id": "CVE-2013-2397", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 5.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:N", "authentication": "SINGLE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 4.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2013-04-17T17:55:06.800", "references": [{"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:150", "source": "secalert_us@oracle.com"}, {"url": "http://www.oracle.com/technetwork/topics/security/cpuapr2013-1899555.html", "tags": ["Vendor Advisory"], "source": "secalert_us@oracle.com"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-noinfo"}]}], "descriptions": [{"lang": "en", "value": "Unspecified vulnerability in the Oracle Retail Central Office component in Oracle Industry Applications 13.1, 13.2, 13.3, and 13.4 allows remote authenticated users to affect confidentiality and integrity via unknown vectors related to Customer Operations (Add, Search)."}, {"lang": "es", "value": "Vulnerabilidad sin especificar en el componente Oracle Retail Central Office en Oracle Industry Applications 13.1, 13.2, 13.3, y 13.4, permite a usuarios autenticados remotamente comprometer la integridad y confidencialidad a trav\u00e9s de vectores no especificados relacionados con Customer Operations (Add, Search)."}], "lastModified": "2013-10-11T03:51:35.627", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:oracle:industry_applications:13.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6A438350-13DE-4FC7-A468-9375433ECB34"}, {"criteria": "cpe:2.3:a:oracle:industry_applications:13.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "80753C77-AB40-4C28-908A-10AD9E302C56"}, {"criteria": "cpe:2.3:a:oracle:industry_applications:13.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B2318C21-248E-43FD-8FC0-EFAC401BC568"}, {"criteria": "cpe:2.3:a:oracle:industry_applications:13.4:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0874E70E-EBDB-4469-A2C1-DA1674F266F8"}], "operator": "OR"}]}], "sourceIdentifier": "secalert_us@oracle.com"}