Exploitable Vulnerability in Siebel CRM UI Framework by Oracle
CVE-2023-21909

6.5MEDIUM

Key Information:

Vendor: Oracle
Status: Siebel Ui Framework
Vendor: CVE Published:; 18 April 2023

Summary

A vulnerability exists in the UI Framework of Oracle's Siebel CRM product, affecting versions 23.3 and earlier. This flaw can be easily exploited by low-privileged attackers with network access via HTTP. Successful exploitation may allow attackers to gain unauthorized access to sensitive data, potentially compromising critical information stored within the Siebel CRM system. It is essential for users to implement security measures to mitigate the risks associated with this vulnerability.

Affected Version(s)

Siebel UI Framework 23.3 and prior

References

https://www.oracle.com/security-alerts/cpuapr2023.html

vendor-advisory

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Apr 18, 2023
Vulnerability Reserved
Dec 17, 2022