Unauthenticated Vulnerability in Oracle Siebel CRM Repository Utilities
CVE-2022-21598

7.5HIGH

Key Information:

Vendor: Oracle
Status: Siebel Core - Db Deployment And Configuration
Vendor: CVE Published:; 18 October 2022

Summary

A vulnerability exists in the Repository Utilities component of Oracle Siebel CRM, allowing unauthenticated attackers to exploit network access via HTTP. This flaw can lead to unauthorized modifications, deletions, or creations of data, impacting critical data integrity for Siebel Core - DB Deployment and Configuration. Supported versions affected include 22.8 and earlier. Organizations should implement security measures to mitigate exploitation risks associated with this vulnerability.

Affected Version(s)

Siebel Core - DB Deployment and Configuration 22.8 and prior

References

https://www.oracle.com/security-alerts/cpuoct2022.html

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

None

Integrity:

High

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Oct 18, 2022
Vulnerability Reserved
Nov 15, 2021