Unauthenticated Vulnerability in Oracle Siebel CRM Repository Utilities
CVE-2022-21598

7.5HIGH

Key Information:

Vendor: Oracle
Status: Siebel Core - Db Deployment And Configuration
Vendor: CVE Published:; 18 October 2022

What is CVE-2022-21598?

A vulnerability exists in the Repository Utilities component of Oracle Siebel CRM, allowing unauthenticated attackers to exploit network access via HTTP. This flaw can lead to unauthorized modifications, deletions, or creations of data, impacting critical data integrity for Siebel Core - DB Deployment and Configuration. Supported versions affected include 22.8 and earlier. Organizations should implement security measures to mitigate exploitation risks associated with this vulnerability.

Affected Version(s)

Siebel Core - DB Deployment and Configuration 22.8 and prior

References

https://www.oracle.com/security-alerts/cpuoct2022.html

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

None

Integrity:

High

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Oct 18, 2022
Vulnerability Reserved
Nov 15, 2021