Vulnerability in Oracle Siebel CRM's Server BizLogic Script Component
CVE-2021-2004
4.3 MEDIUM
Key Information:
- Vendor: Oracle
- CVE Published: 20 January 2021
Summary
A vulnerability exists in the Server BizLogic Script component of Oracle Siebel CRM, which affects versions 20.12 and earlier. This flaw allows a low-privileged attacker to exploit the system remotely via HTTP, potentially leading to unauthorized read access to sensitive information contained within the Siebel Core. The vulnerability presents a significant risk by enabling attackers to access data that should otherwise be restricted, compromising the integrity and confidentiality of the system. Organizations utilizing impacted versions should evaluate their systems and apply relevant patches to mitigate the risk.
Affected Version(s)
Siebel Core - Server Framework 20.12 and prior
CVSS V3.1
- Score: 4.3
- Severity: MEDIUM
- Confidentiality: Low
- Integrity: None
- Availability: Low
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: Low
- User Interaction: None
- Scope: Unchanged
Timeline
Vulnerability published
Vulnerability Reserved