SQL Injection Vulnerability in Oracle Demantra Demand Management Component
CVE-2014-0372

Currently unrated

Key Information:

Vendor: Oracle
Status: Supply Chain Products Suite Sql-server; Supply Chain Products Suite
Vendor: CVE Published:; 15 January 2014

What is CVE-2014-0372?

An unspecified SQL injection vulnerability exists in the Oracle Demantra Demand Management component of the Oracle Supply Chain Products Suite. It allows remote authenticated users to potentially compromise the confidentiality and integrity of the system through unknown vectors related to DM Others. Users should be vigilant and consider applying available patches to mitigate the risks associated with this vulnerability.

References

http://www.exploit-db.com/exploits/31993

exploitx_refsource_EXPLOIT-DB

http://www.securityfocus.com/archive/1/531316/100/0/threaded

mailing-listx_refsource_BUGTRAQ

http://osvdb.org/102103

vdb-entryx_refsource_OSVDB

EPSS Score

20% chance of being exploited in the next 30 days.

Timeline

Vulnerability published
Jan 15, 2014
Vulnerability Reserved
Dec 12, 2013