PT-2018-15806 · Oracle · Oracle Siebel Crm

Published

2018-04-19

Updated

2019-10-03

CVE-2018-2789

CVSS v3.1

5.0

Medium

Vector

AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N

Name of the Vulnerable Software and Affected Versions Oracle Siebel CRM version 17.0

Description The issue affects the Siebel Core - Server Framework component, allowing a low-privileged attacker with network access via HTTP to compromise the framework. This can result in unauthorized read access to a subset of accessible data within the Siebel Core - Server Framework. The impact of successful attacks may extend beyond the Siebel Core - Server Framework, affecting additional products.

Recommendations For Oracle Siebel CRM version 17.0, update to a version that includes the fix for this issue to prevent unauthorized read access. As a temporary workaround, consider restricting access to the Siebel Core - Server Framework component to minimize the risk of exploitation.

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

CVE-2018-2789

Affected Products

Oracle Siebel Crm

PT-2018-15806 · Oracle · Oracle Siebel Crm

CVE-2018-2789

Related Identifiers

Affected Products

References · 4