Unauthorized Data Access in Oracle Siebel CRM Search Component
CVE-2021-2039

7.6HIGH

Key Information:

Vendor: Oracle
Status: Siebel Core - Server Framework
Vendor: CVE Published:; 20 January 2021

Summary

A vulnerability exists within the Search component of Oracle Siebel CRM's Server Framework that allows low-privileged attackers with network access via HTTP to exploit the system. Successful exploitation requires human interaction from a non-attacking user. The impact of this vulnerability can lead to unauthorized access to critical data within the Siebel Core - Server Framework. This not only compromises the integrity and confidentiality of the accessible data but also permits unauthorized updates, insertions, or deletions, potentially affecting additional interconnected products.

Affected Version(s)

Siebel Core - Server Framework 20.12 and prior

References

https://www.oracle.com/security-alerts/cpujan2021.html

x_refsource_MISC

CVSS V3.1

Score:

7.6

Severity:

HIGH

Confidentiality:

High

Integrity:

Low

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Jan 20, 2021
Vulnerability Reserved
Dec 9, 2020