Input validation error in Siebel UI Framework - CVE-2017-3264
Published: January 28, 2017 / Updated: August 8, 2020
Vulnerability identifier: #VU39780
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2017-3264
CWE-ID: CWE-20
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vendor: Oracle
Affected software:
Siebel UI Framework
Siebel UI Framework
Detailed vulnerability description
The vulnerability allows a remote authenticated user to manipulate data.
Vulnerability in the Siebel UI Framework component of Oracle Siebel CRM (subcomponent: Open UI). The supported version that is affected is 16.1. Difficult to exploit vulnerability allows low privileged attacker with network access via HTTP to compromise Siebel UI Framework. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Siebel UI Framework accessible data. CVSS v3.0 Base Score 3.1 (Integrity impacts).
How to mitigate CVE-2017-3264
Install update from vendor's website.