Vulnerability in Oracle Siebel CRM UI Framework Component
CVE-2017-10302

6.1 MEDIUM

Key Information:

Vendor: Oracle
CVE Published: 19 October 2017

Summary

The vulnerability affects the Siebel UI Framework component of Oracle Siebel CRM in versions 16.0 and 17.0. It allows an unauthenticated attacker with network access via HTTP to compromise the Siebel UI Framework. Successful exploitation requires human interaction from a target user. Although the flaw resides in the Siebel UI Framework, attacks may significantly impact additional products associated with Oracle Siebel CRM. Successful attacks may lead to unauthorized updates, inserts, or deletions of data, as well as unauthorized reading of sensitive information from the framework.

Affected Version(s)

Siebel UI Framework 16.0

Siebel UI Framework 17.0

CVSS V3.1

Score: 6.1
Severity: MEDIUM
Confidentiality: Low
Integrity: Low
Availability: Low
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved
