Vulnerability in Siebel Core CRM Component of Oracle Siebel CRM
CVE-2017-10049

6.1MEDIUM

Key Information:

Vendor
Oracle
Status
Siebel Core - Server Framework
Vendor
CVE Published:
8 August 2017

Summary

This vulnerability exists in the Siebel Core CRM component of Oracle Siebel CRM, particularly in the Search subcomponent. A remote, unauthenticated attacker with network access via HTTP can exploit this issue to gain unauthorized access to sensitive data and perform actions such as updating, inserting, or deleting information without proper authorization. Although successful exploitation requires human interaction from an unwitting user, the impact may extend beyond Siebel Core CRM and affect other connected products. Organizations using impacted versions should implement recommended security measures to mitigate the risks associated with this vulnerability.

Affected Version(s)

Siebel Core - Server Framework 16.0

Siebel Core - Server Framework 17.0

References

http://www.securitytracker.com/id/1038936
vdb-entryx_refsource_SECTRACK
http://www.securityfocus.com/bid/99626
vdb-entryx_refsource_BID
http://www.oracle.com/technetwork/security-advisory/cpuju...
x_refsource_CONFIRM

CVSS V3.1

Score:
6.1
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.