Exploitable Vulnerability in Siebel CRM's UI Framework by Oracle
CVE-2018-3059

6.1 MEDIUM

Key Information:

Vendor: Oracle
CVE Published: 17 October 2018

Summary

The Siebel UI Framework in Oracle Siebel CRM contains a vulnerability that is easily exploitable by an unauthenticated attacker with network access via HTTP. A successful attack requires human interaction from a person other than the attacker. Exploitation can result in unauthorized update, insert, or delete access to various data accessible through the Siebel UI Framework, as well as unauthorized read access to that data. The risk is not limited to Siebel CRM: related systems may be affected as well.

Affected Version(s)

Siebel UI Framework 18.7

Siebel UI Framework 18.8

Siebel UI Framework 18.9

CVSS V3.1

Score: 6.1
Severity: MEDIUM
Confidentiality: Low
Integrity: Low
Availability: Low
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved
