CVE-2020-2564
First published: Wed Jan 15 2020(Updated: )
Vulnerability in the Siebel UI Framework product of Oracle Siebel CRM (component: EAI). Supported versions that are affected are 19.10 and prior. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Siebel UI Framework. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Siebel UI Framework accessible data. CVSS 3.0 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N).
Credit: secalert_us@oracle.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Oracle Siebel Ui Framework | <=19.10 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID for this vulnerability?
The vulnerability ID is CVE-2020-2564.
What is the affected product for this vulnerability?
The affected product is the Siebel UI Framework in Oracle Siebel CRM.
What versions of the product are affected?
Versions 19.10 and prior are affected.
How severe is this vulnerability?
The severity of this vulnerability is medium with a CVSS score of 5.3.
How can an attacker exploit this vulnerability?
An unauthenticated attacker with network access via HTTP can exploit this vulnerability to compromise the Siebel UI Framework.
- collector/nvd-index
- agent/severity
- agent/references
- agent/author
- agent/event
- agent/description
- agent/type
- agent/remedy
- agent/last-modified-date
- agent/softwarecombine
- agent/first-publish-date
- agent/tags
- collector/mitre-cve
- source/MITRE
- vendor/oracle
- canonical/oracle siebel ui framework
- version/oracle siebel ui framework/19.10