Summary
| Detail | |||
|---|---|---|---|
| Vendor | Baramundi | First view | 2013-10-03 |
| Product | Management Suite | Last view | 2013-10-03 |
| Version | 8.8 | Type | Application |
| Update | * | ||
| Edition | * | ||
| Language | * | ||
| Sofware Edition | * | ||
| Target Software | * | ||
| Target Hardware | * | ||
| Other | * | ||
| CPE Product | cpe:2.3:a:baramundi:management_suite | ||
Activity : Overall
Related : CVE
| Date | Alert | Description | |
|---|---|---|---|
| 7.8 | 2013-10-03 | CVE-2013-3625 | An unspecified DLL file in Baramundi Management Suite 7.5 through 8.9 uses a hardcoded encryption key, which makes it easier for attackers to defeat cryptographic protection mechanisms by leveraging knowledge of this key from a product installation elsewhere. |
| 7.8 | 2013-10-03 | CVE-2013-3624 | The OS deployment feature in Baramundi Management Suite 7.5 through 8.9 stores credentials in cleartext on deployed machines, which allows remote attackers to obtain sensitive information by reading a file. NOTE: this ID was also incorrectly mapped to a separate issue in Oracle Outside In, but the correct ID for that issue is CVE-2013-5763. |
| 7.8 | 2013-10-03 | CVE-2013-3593 | Baramundi Management Suite 7.5 through 8.9 uses cleartext for (1) client-server communication and (2) data storage, which allows remote attackers to obtain sensitive information by sniffing the network, and allows context-dependent attackers to obtain sensitive information by reading a file. |
CWE : Common Weakness Enumeration
| % | id | Name |
|---|---|---|
| 66% (2) | CWE-310 | Cryptographic Issues |
| 33% (1) | CWE-255 | Credentials Management |
Information Assurance Vulnerability Management (IAVM)
| id | Description |
|---|---|
| 2013-A-0199 | Multiple Vulnerabilities in Oracle Fusion Middleware Severity: Category I - VMSKEY: V0040786 |
