Exploitable Vulnerability in Oracle Siebel CRM by Oracle
CVE-2017-10315

6.1 MEDIUM

Key Information:

Vendor
Oracle
CVE Published: 19 October 2017

Summary

A vulnerability exists in the Siebel UI Framework component of Oracle Siebel CRM, specifically in the UIF Open UI subcomponent. It affects supported versions 16.0 and 17.0. The vulnerability is easily exploitable by an unauthenticated attacker with network access via HTTP, but a successful attack requires human interaction from a victim. Although the vulnerability is located in the Siebel UI Framework, a successful attack can result in unauthorized update, insert, or delete access to data accessible within this framework, as well as unauthorized read access to a subset of that data.

Affected Version(s)

Siebel UI Framework 16.0

Siebel UI Framework 17.0

CVSS V3.1

Score: 6.1
Severity: MEDIUM
Confidentiality: Low
Integrity: Low
Availability: Low
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved
