Unauthorized Data Access in Oracle Siebel CRM UI Framework
CVE-2020-2560

4.7 MEDIUM

Key Information:

Vendor: Oracle
CVE Published: 15 January 2020

Summary

A vulnerability exists in the Siebel UI Framework component of Oracle Siebel CRM, specifically in the SWSE Server subcomponent. It allows an unauthenticated attacker with network access via HTTP to compromise the Siebel UI Framework. Successful exploitation requires human interaction from a user other than the attacker. Although the vulnerability is in the Siebel UI Framework, attacks may also affect additional products associated with it. Successful exploitation could lead to unauthorized read access to certain data elements available within the Siebel UI Framework.

Affected Version(s)

Siebel UI Framework 19.10 and prior

CVSS V3.1

Score: 4.7
Severity: MEDIUM
Confidentiality: Low
Integrity: None
Availability: Low
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved
