CVE-2013-0397
Oracle Application Framework - Diagnostic Mode Bypass
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
1Exploited in Wild
-Decision
Descriptions
Unspecified vulnerability in the Oracle Applications Framework component in Oracle E-Business Suite 11.5.10.2, 12.0.6, and 12.1.3 allows remote attackers to affect confidentiality and integrity via unknown vectors related to Diagnostics.
Una vulnerabilidad no especificada en el componente Oracle Applications Framework en Oracle E-Business Suite v11.5.10.2, v12.0.6 y v12.1.3 permite a atacantes remotos afectar la confidencialidad y la integridad a través de vectores desconocidos relacionados con "Diagnostics".
The Oracle Application Framework supports diagnostic and developer mode features that are intended to be enabled from developer or administrative interfaces. However, any user can manually enable the modes by setting the "OADiagnostic" or "OADeveloperMode" cookies to "1". Versions affected include 11.5.10.2, 12.0.6, and 12.1.3.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2012-12-07 CVE Reserved
- 2013-01-16 CVE Published
- 2013-01-16 First Exploit
- 2024-08-06 CVE Updated
- 2024-10-16 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
CAPEC
References (5)
URL | Tag | Source |
---|---|---|
http://secunia.com/advisories/57126 | Third Party Advisory |
URL | Date | SRC |
---|---|---|
https://www.exploit-db.com/exploits/24158 | 2013-01-16 |
URL | Date | SRC |
---|
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | ||||||
---|---|---|---|---|---|---|---|---|---|---|
Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
Oracle Search vendor "Oracle" | E-business Suite Search vendor "Oracle" for product "E-business Suite" | 11.5.10.2 Search vendor "Oracle" for product "E-business Suite" and version "11.5.10.2" | - |
Affected
| ||||||
Oracle Search vendor "Oracle" | E-business Suite Search vendor "Oracle" for product "E-business Suite" | 12.0.6 Search vendor "Oracle" for product "E-business Suite" and version "12.0.6" | - |
Affected
| ||||||
Oracle Search vendor "Oracle" | E-business Suite Search vendor "Oracle" for product "E-business Suite" | 12.1.3 Search vendor "Oracle" for product "E-business Suite" and version "12.1.3" | - |
Affected
|