Unauthenticated Access Vulnerability in Oracle Siebel CRM's Search Functionality
CVE-2019-2777

6.1 MEDIUM

Key Information:

Vendor: Oracle
CVE Published: 23 July 2019

Summary

This vulnerability in the Siebel Core - Server Framework component of Oracle Siebel CRM enables unauthenticated attackers with network access via HTTP to compromise the framework. Successful exploitation requires human interaction from an individual other than the attacker. Although the vulnerability resides in the Server Framework, attacks can have a widespread impact, affecting other linked products. Exploitation may allow unauthorized access to sensitive data, enabling attackers to update, insert, or delete information accessible through the Server Framework, as well as to read unauthorized segments of data.

Affected Version(s)

Siebel Core - Server Framework 19.0 and prior

CVSS V3.1

Score: 6.1
Severity: MEDIUM
Confidentiality: Low
Integrity: Low
Availability: Low
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved