Vulnerability in Oracle Siebel CRM’s UI Framework Component
CVE-2017-3330

7.6HIGH

Key Information:

Vendor

Oracle
Status
Siebel Ui Framework
Vendor
CVE Published:
27 January 2017

What is CVE-2017-3330?

A vulnerability affecting the Siebel UI Framework in Oracle Siebel CRM allows low-privileged attackers with network access to exploit the component through HTTP requests. This exploitation can lead to unauthorized access and manipulation of sensitive data. While attacks necessitate human interaction for successful exploitation, the implications can extend beyond the Siebel UI Framework to impact additional Oracle products. The vulnerability enables potential attackers to gain access, as well as update, insert, or delete data accessible through the framework.

Affected Version(s)

Siebel UI Framework 16.1

References

http://www.securitytracker.com/id/1037635
vdb-entryx_refsource_SECTRACK
http://www.securityfocus.com/bid/95499
vdb-entryx_refsource_BID
http://www.oracle.com/technetwork/security-advisory/cpuja...
x_refsource_CONFIRM

CVSS V3.1

Score:
7.6
Severity:
HIGH
Confidentiality:
High
Integrity:
Low
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.