Oracle Siebel CRM Unauthorized Access Vulnerability
CVE-2019-2965

7.5HIGH

Key Information:

Vendor: Oracle
Status: Siebel Core - Db Deployment And Configuration
Vendor: CVE Published:; 16 October 2019

Summary

A vulnerability exists in the Siebel Core - DB Deployment and Configuration component of Oracle Siebel CRM, allowing unauthenticated attackers with HTTP network access to exploit this weakness. Successful exploitation can lead to unauthorized access to sensitive data and potentially grant complete access to all data within the Siebel Core - DB Deployment and Configuration system. Affected versions include 19.8 and earlier, highlighting the critical need for users to apply necessary security updates and configurations to mitigate this risk.

Affected Version(s)

Siebel Core - DB Deployment and Configuration 19.8 and prior

References

http://www.oracle.com/technetwork/security-advisory/cpuoc...

x_refsource_MISC

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Oct 16, 2019
Vulnerability Reserved
Dec 14, 2018