CVE-2013-3749 — Oracle E-business Suite vulnerability

3 documents3 sources

Severity

3.5LOWNVD

EPSS

0.7%

top 26.85%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Oracle E-business Suite

Timeline

PublishedJul 17

Latest updateMay 17

Description

Unspecified vulnerability in the Oracle Application Object Library component in Oracle E-Business Suite 11.5.10.2, 12.0.6, and 12.1.3 allows remote authenticated users to affect confidentiality via unknown vectors related to Logging. NOTE: the previous information is from the July 2013 CPU. Oracle has not commented on claims from a third party that the issue is due to storage of credentials in the (1) FND_LOG_MESSAGES database table or (2) log files by "native login pages."

CVSS vector

AV:N/AC:M/C:P/I:N/A:NExploitability: 6.8 | Impact: 2.9

Affected Packages1 packages

▶NVDoracle/e-business_suite11.5.10.2, 12.0.6, 12.1.3+2

🔴Vulnerability Details

GHSA

GHSA-p9jw-9j8x-gjwg: Unspecified vulnerability in the Oracle Application Object Library component in Oracle E-Business Suite 11↗2022-05-17

▶

CVEList

CVE-2013-3749: Unspecified vulnerability in the Oracle Application Object Library component in Oracle E-Business Suite 11↗2013-07-17

▶