CVE-2013-5877
published 2014-01-15


Priority: P3 · 51 · medium
CVSS 2.0: 5 (AV:N/AC:L/Au:N/C:P/I:N/A:N)
EXPLOIT
EPSS: 54.97% (98.9th percentile)
Unspecified vulnerability in the Oracle Demantra Demand Management component in Oracle Supply Chain Products Suite 7.2.0.3 SQL-Server, 7.3.0, 7.3.1, 12.2.0, and 12.2.1 allows remote attackers to affect confidentiality via unknown vectors related to DM Others.

Affected

5 ranges
Vendor    Product                                   Version range    Fixed in
oracle    supply_chain_products_suite
oracle    supply_chain_products_suite_sql-server
oracle    supply_chain_products_suite_sql-server
oracle    supply_chain_products_suite_sql-server
oracle    supply_chain_products_suite_sql-server

Detection & IOCs (extracted from sources)

url: /demantra/GraphServlet
path: C:/Program Files (x86)/Oracle Demantra Spectrum/Collaborator/demantra/WEB-INF/web.xml
command: POST /demantra/GraphServlet HTTP/1.1
  • Monitor for POST requests to /demantra/GraphServlet containing a 'filename' parameter referencing local file paths (e.g., absolute Windows paths or WEB-INF resources), which indicates exploitation of the arbitrary file retrieval vulnerability.
  • The exploit combines an authentication bypass with a file download vulnerability, meaning POST requests to /demantra/GraphServlet with file path parameters may arrive without valid session credentials — alert on unauthenticated POST requests to this endpoint.
  • Responses to exploitation return Content-Type: image/png regardless of the actual file content; detect anomalously large image/png responses from /demantra/GraphServlet that contain XML or text content (e.g., web.xml disclosure).
  • A high-value target file for attackers is WEB-INF/web.xml; alert on any request parameter containing the strings 'WEB-INF' or 'web.xml' directed at the Oracle Demantra application.
  • The vulnerability affects Oracle Demantra versions 7.2.0.3 (SQL-Server), 7.3.0, 7.3.1, 12.2.0, and 12.2.1; the exploit PoC specifically targets 12.2.1 but the authentication bypass and file retrieval may apply across all listed versions.
  • Impact severity depends on the read permissions of the web server user account; files readable by that account (including full application source code) can be exfiltrated.
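
The monitoring guidance above, combined into one check over HTTP transaction records; this is an added example, not code from the original page or from Oracle. The record schema (method, path, body, authenticated, resp_type, resp_head), the rule names and the sample records are assumptions, and the PNG magic-byte test generalizes the "image/png response that contains XML or text" bullet.

```python
import re
from urllib.parse import parse_qs, urlencode

ENDPOINT = "/demantra/graphservlet"      # compared case-insensitively
PNG_MAGIC = b"\x89PNG\r\n\x1a\n"         # first 8 bytes of every real PNG file
# Absolute Windows, UNC or Unix paths, or the WEB-INF / web.xml strings.
LOCAL_FILE = re.compile(r"^(?:[a-z]:[\\/]|\\\\|/)|web-inf|web\.xml", re.I)
SENSITIVE = re.compile(r"web-inf|web\.xml", re.I)

def findings(txn):
    """Return the sorted rule names that one HTTP transaction record triggers.

    Assumed record keys: method, path, body (form-encoded request body),
    authenticated (bool), resp_type, resp_head (first bytes of the response).
    """
    path, _, query = txn["path"].partition("?")
    if not path.lower().startswith("/demantra/"):
        return []
    params = parse_qs(query, keep_blank_values=True)
    for key, vals in parse_qs(txn.get("body", ""), keep_blank_values=True).items():
        params.setdefault(key, []).extend(vals)
    hits = set()
    # Any parameter of any Demantra request that names WEB-INF or web.xml.
    if any(SENSITIVE.search(v) for vals in params.values() for v in vals):
        hits.add("sensitive-file-reference")
    if txn["method"] == "POST" and path.lower() == ENDPOINT:
        if any(LOCAL_FILE.search(v) for v in params.get("filename", [])):
            hits.add("filename-local-path")
        if not txn.get("authenticated", False):
            hits.add("unauthenticated-post")
        head = txn.get("resp_head", b"")
        # Declared as PNG but the body does not start with the PNG signature.
        if head and txn.get("resp_type", "").lower().startswith("image/png") \
                and not head.startswith(PNG_MAGIC):
            hits.add("png-type-mismatch")
    return sorted(hits)

# Constructed sample records; the benign filename value is hypothetical.
WEB_XML = ("C:/Program Files (x86)/Oracle Demantra Spectrum/"
           "Collaborator/demantra/WEB-INF/web.xml")
SAMPLES = [
    {"method": "POST", "path": "/demantra/GraphServlet",
     "body": urlencode({"filename": WEB_XML}), "authenticated": False,
     "resp_type": "image/png", "resp_head": b"<?xml version"},
    {"method": "POST", "path": "/demantra/GraphServlet",
     "body": urlencode({"filename": "chart_1234.png"}), "authenticated": True,
     "resp_type": "image/png", "resp_head": PNG_MAGIC + b"\x00\x00\x00\rIHDR"},
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(findings(sample))
```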