40 matches found
CVE-2023-21850
Summary: CVE-2023-21850 affects Oracle Demantra Demand Management (E-Business Collections) versions 12.1–12.2. The issue arises from insufficient input validation in the E-Business Collections component, allowing an unauthenticated attacker with network access over HTTP to compromise the system a...
CVE-2020-2557
Vulnerability in the Oracle Demantra Demand Management product of Oracle Supply Chain component: Security. Supported versions that are affected are 12.2.4, 12.2.4.1, 12.2.5 and 12.2.5.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise...
CVE-2020-2557
Oracle Demantra Demand Management (versions 12.2.4–12.2.5.1) is vulnerable due to insufficient access control in the Security component, allowing an unauthenticated attacker with network access over HTTP to compromise data. Successful attacks can result in unauthorized update, insert, or delete o...
CVE-2019-2732
Vulnerability in the Oracle Demantra Demand Management component of Oracle Supply Chain Products Suite subcomponent: Product Security. The supported version that is affected is 7.3.1.5.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise...
CVE-2019-2733
Vulnerability in the Oracle Demantra Demand Management component of Oracle Supply Chain Products Suite subcomponent: Product Security. The supported version that is affected is 7.3.1.5.2. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise...
CVE-2019-2732
The CVE-2019-2732 entry concerns Oracle Demantra Demand Management, a component of Oracle Supply Chain Products Suite. Affected version: 7.3.1.5.2. Description and Red Hat/CVE records indicate an unauthenticated, network-accessible vulnerability via HTTP that can yield unauthorized read access to...
CVE-2019-2733
CVE-2019-2733 affects Oracle Demantra Demand Management in Oracle Supply Chain Products Suite, subcomponent Product Security, version 7.3.1.5.2. A vulnerability allows a low-privilege, network-accessing attacker (via HTTP) to compromise the Demantra module, potentially performing unauthorized upd...
CVE-2018-3127
CVE-2018-3127 affects Oracle Demantra Demand Management, a component of Oracle Supply Chain Products Suite. Affected versions are 7.3.5 and 12.2. The vulnerability allows an unauthenticated attacker with network access via HTTP to compromise Demantra Demand Management; successful attacks require ...
Oracle Demantra 12.2.1 - Stored XSS Vulnerability
No description provided by source...
CVE-2014-5795 - Database Credentials Leak in Oracle Demantra
Vulnerability title: Database Credentials Leak in Oracle Demantra CVE: CVE-2014-5795 Vendor: Oracle Product: Demantra Affected version: 12.2.1 Fixed version: 12.2.3 Reported by: Oliver Gruskovnjak Details: Oracle Demantra version 12.2.1 has a backend function that allows anyone to retrieve the...
CVE-2014-5880 - Authentication Bypass in Oracle Demantra
Vulnerability title: Authentication Bypass in Oracle Demantra CVE: CVE-2014-5880 Vendor: Oracle Product: Demantra Affected version: 12.2.1 Fixed version: 12.2.3 Reported by: Oliver Gruskovnjak Details: The authentication filter in Oracle Demantra is broken by design. For example the page:...
Four Oracle Demantra Security Vulnerabilities Found
Oracle’s Demantra, part of the company’s Value Chain Planning suite of software, is fraught with vulnerabilities according to several bug disclosures issued over the weekend. Researchers at the London-based computer security firm Portcullis claim the application is plagued by four vulnerabiliti...
Oracle Demantra 12.2.1 - Arbitrary File Disclosure
Details: The Team discovered a Local File Include (LFI) vulnerability. A file inclusion vulnerability occurs when a file from the target system is injected into a page on the attacked server page. The vulnerable page is: /demantra/GraphServlet Impact: Impact can differ based on the exploitation and...
Oracle Demantra 12.2.1 - Database Credentials Disclosure
Details: Demantra has a backend function that allows anyone to retrieve the database instance name and the corresponding credentials. Impact: A remote, unauthenticated attacker could exploit this issue in combination with other found issues, to extract the database credentials and instance name...
Oracle Demantra 12.2.1 - Database Credentials Disclosure
Exploit for windows platform in category web applications Details: Demantra has a backend function that allows anyone to retrieve the database instance name and the corresponding credentials. Impact: A remote, unauthenticated attacker could exploit this issue in combination with other found issue...
Oracle Demantra 12.2.1 - Arbitrary File Disclosure
Exploit for windows platform in category web applications Details: The Team discovered a Local File Include (LFI) vulnerability. A file inclusion vulnerability occurs when a file from the target system is injected into a page on the attacked server page. The vulnerable page is: /demantra/GraphServl...
Oracle Demantra 12.2.1 - Database Credentials Disclosure
Oracle Demantra 12.2.1 - Database Credentials Disclosure Details: Demantra has a backend function that allows anyone to retrieve the database instance name and the corresponding credentials. Impact: A remote, unauthenticated attacker could exploit this issue in combination with other found issues...