CVE-2017-10162

EPSS 0.19%
Published 19.10.2017 17:29:00
Last modified 20.04.2025 01:37:25
Source secalert_us@oracle.com
Teams watchlist Login
Open Login

Vulnerability in the Siebel Core - Server Framework component of Oracle Siebel CRM (subcomponent: Services). Supported versions that are affected are 16.0 and 17.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Siebel Core - Server Framework. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Siebel Core - Server Framework accessible data as well as unauthorized read access to a subset of Siebel Core - Server Framework accessible data. CVSS 3.0 Base Score 5.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N).

Affected products Warnungen 0 Metrics 3 CWE 0 References 5

Data is provided by the National Vulnerability Database (NVD)

Oracle ≫ Siebel Core-server Framework Version16.0

Oracle ≫ Siebel Core-server Framework Version17.0

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.19%	0.374

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	5.4	2.8	2.5	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
nvd@nist.gov	5.5	8	4.9	AV:N/AC:L/Au:S/C:P/I:P/A:N

http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html

Patch

Vendor Advisory

http://www.securityfocus.com/bid/101416

Third Party Advisory

VDB Entry

https://nvd.nist.gov/vuln/detail/CVE-2017-10162

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2017-10162

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2017-10162

EUVD