Lucene search

[email protected]CVE-2016-5460

HistoryJul 21, 2016 - 10:15 a.m.

CVE-2016-5460

2016-07-2110:15:16

[email protected]

web.nvd.nist.gov

cve-2016-5460

siebel core

server framework

oracle siebel crm

confidentiality

remote attackers

services

vulnerability

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:N/A:N

3.7 Low

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N

3.6 Low

AI Score

Confidence

Low

0.002 Low

EPSS

Percentile

60.7%

JSON

Unspecified vulnerability in the Siebel Core - Server Framework component in Oracle Siebel CRM 8.1.1, 8.2.2, IP2014, IP2015, and IP2016 allows remote attackers to affect confidentiality via vectors related to Services, a different vulnerability than CVE-2016-3450 and CVE-2016-5466.

Affected configurations

NVD

Node

oraclesiebel_core-server_frameworkMatch8.1.1

oraclesiebel_core-server_frameworkMatch8.2.2

oraclesiebel_core-server_frameworkMatch2014

oraclesiebel_core-server_frameworkMatch2015

oraclesiebel_core-server_frameworkMatch2016

CPENameOperatorVersion
oracle:siebel_core-server_frameworkoracle siebel core-server frameworkeq8.1.1
oracle:siebel_core-server_frameworkoracle siebel core-server frameworkeq8.2.2
oracle:siebel_core-server_frameworkoracle siebel core-server frameworkeq2014
oracle:siebel_core-server_frameworkoracle siebel core-server frameworkeq2015
oracle:siebel_core-server_frameworkoracle siebel core-server frameworkeq2016

CPE	Name	Operator	Version
oracle:siebel_core-server_framework	oracle siebel core-server framework	eq	8.1.1
oracle:siebel_core-server_framework	oracle siebel core-server framework	eq	8.2.2
oracle:siebel_core-server_framework	oracle siebel core-server framework	eq	2014
oracle:siebel_core-server_framework	oracle siebel core-server framework	eq	2015
oracle:siebel_core-server_framework	oracle siebel core-server framework	eq	2016

References

www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html

www.securityfocus.com/bid/91787

www.securityfocus.com/bid/91961

www.securitytracker.com/id/1036400

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:N/A:N

3.7 Low

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N

3.6 Low

AI Score

Confidence

Low

0.002 Low

EPSS

Percentile

60.7%

JSON

Related for CVE-2016-5460

prion3 nvd3 cve2 cvelist3 oracle1