Vulnerability in Siebel UI Framework of Oracle Siebel CRM
CVE-2017-3325

8.2HIGH

Key Information:

Vendor
Oracle
Status
Siebel Ui Framework
Vendor
CVE Published:
27 January 2017

Summary

A vulnerability in the Siebel UI Framework component of Oracle Siebel CRM allows unauthenticated attackers with network access to compromise the framework. Exploitation of this vulnerability necessitates human interaction from users other than the attacker, potentially leading to unauthorized access to sensitive information. Successful exploitation can grant complete access to data available through the Siebel UI Framework, enabling attackers to perform unauthorized updates, inserts, or deletions of accessible data, significantly affecting the integrity and confidentiality of information.

Affected Version(s)

Siebel UI Framework 16.1

References

http://www.securitytracker.com/id/1037635
vdb-entryx_refsource_SECTRACK
http://www.securityfocus.com/bid/95494
vdb-entryx_refsource_BID
http://www.oracle.com/technetwork/security-advisory/cpuja...
x_refsource_CONFIRM

CVSS V3.1

Score:
8.2
Severity:
HIGH
Confidentiality:
High
Integrity:
Low
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.