CVE-2021-2353

Description

Vulnerability in the Siebel Core - Server Framework product of Oracle Siebel CRM (component: Loging). Supported versions that are affected are 21.5 and Prior. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Siebel Core - Server Framework executes to compromise Siebel Core - Server Framework. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Siebel Core - Server Framework accessible data. CVSS 3.1 Base Score 4.4 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N).

Related CPE's

aoraclesiebel_core_-_server_framework********

vulnerable

References

https://www.oracle.com/security-alerts/cpujul2021.html

PatchVendor Advisory

CvssV3 impact

BaseSeverity

MEDIUM

ConfidentialityImpact

HIGH

AttackComplexity

LOW

Scope

UNCHANGED

AttackVector

LOCAL

AvailabilityImpact

NONE

IntegrityImpact

NONE

PrivilegesRequired

HIGH

BaseScore

4.4

VectorString

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N

Version

3.1

UserInteraction

NONE

CvssV2 impact

AccessComplexity

LOW

ConfidentialityImpact

PARTIAL

AvailabilityImpact

NONE

IntegrityImpact

NONE

BaseScore

2.1

VectorString

AV:L/AC:L/Au:N/C:P/I:N/A:N

Version

2.0

AccessVector

LOCAL

Authentication

NONE

Created by Yello
About Severity.io