Unauthenticated Access Vulnerability in Oracle Siebel CRM
CVE-2021-2368

5.9MEDIUM

Key Information:

Vendor: Oracle
Status: Siebel Core - Server Framework
Vendor: CVE Published:; 20 July 2021

Summary

A vulnerability exists in the server infrastructure of Oracle's Siebel CRM that enables an unauthenticated attacker with network access via HTTPS to exploit the system. The flaw affects Siebel CRM versions 21.5 and earlier, potentially allowing unauthorized users to gain access to sensitive data or even full control over all data within the application. Attackers can exploit this vulnerability without prior authentication, posing a significant risk to organizations relying on Siebel CRM for data management. To ensure the security of critical information, immediate patches and updates are recommended.

Affected Version(s)

Siebel Core - Server Framework 21.5 and Prior

References

https://www.oracle.com/security-alerts/cpujul2021.html

x_refsource_MISC

CVSS V3.1

Score:

5.9

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jul 20, 2021
Vulnerability Reserved
Dec 9, 2020