Lucene search
K

Oracle Siebel Server <= 21.0 (April 2021 CPU)

🗓️ 11 Dec 2024 00:00:00Reported by TenableType 
nessus
 nessus
🔗 www.tenable.com👁 16 Views

Oracle Siebel Server up to version 21.0 has multiple vulnerabilities per April 2021 CPU advisory.

Related
Refs
Code
ReporterTitlePublishedViews
Family
0day.today
Apache Axis 1.4 - Remote Code Execution Exploit
9 Apr 201900:00
zdt
IBM Security Bulletins
Security Bulletin: Multiple vulnerabilities in Apache Axis affect IBM Maximo Asset Management and the IBM Maximo Manage application in IBM Maximo Application Suite
2 Feb 202321:04
ibm
IBM Security Bulletins
Security Bulletin: IBM Engineering Workflow Management (EWM) vulnerabilities CVE-2020-28500, CVE-2021-23337, CVE-2020-8203
24 Apr 202315:01
ibm
IBM Security Bulletins
Security Bulletin: Multiple Vulnerabilities found in Axis.jar V1.x may affect IBM Content Collector for SAP Applications
26 Mar 202117:24
ibm
IBM Security Bulletins
Security Bulletin: Multiple vulnerabilities affect the IBM App Connect Enterprise Toolkit and the IBM Integration Bus Toolkit
30 Jun 202309:23
ibm
IBM Security Bulletins
Security Bulletin: Netcool Operations Insights 1.6.9 addresses multiple security vulnerabilities.
18 Jul 202313:09
ibm
IBM Security Bulletins
Security Bulletin: Multiple CKEditor Vulnerabilities Affect IBM Control Center
14 May 202121:38
ibm
IBM Security Bulletins
Security Bulletin: IBM® Engineering Requirements Management DOORS/DWA vulnerabilities addressed in 9.7.2.8
18 Oct 202407:56
ibm
IBM Security Bulletins
Security Bulletin: IBM InfoSphere Information Server is affected by multiple vulnerabilities in Apache Axis
28 Mar 202517:52
ibm
IBM Security Bulletins
Security Bulletin: IBM Security Directory Integrator is affected by multiple security vulnerabilities
22 Jun 202316:30
ibm
Rows per page
#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
##

include('compat.inc');

if (description)
{
  script_id(212426);
  script_version("1.3");
  script_set_attribute(attribute:"plugin_modification_date", value:"2024/12/12");

  script_cve_id("CVE-2019-0227", "CVE-2020-9281");
  script_xref(name:"CEA-ID", value:"CEA-2021-0025");
  script_xref(name:"CEA-ID", value:"CEA-2021-0004");

  script_name(english:"Oracle Siebel Server <= 21.0 (April 2021 CPU)");

  script_set_attribute(attribute:"synopsis", value:
"The remote host is affected by multiple vulnerabilities");
  script_set_attribute(attribute:"description", value:
"The versions of Oracle Siebel CRM installed on the remote host are affected by multiple vulnerabilities as referenced in
the April 2021 CPU advisory.

  - Vulnerability in the Siebel UI Framework product of Oracle Siebel CRM (component: SWSE Server (Apache
    Axis)). Supported versions that are affected are 21.0 and prior. Difficult to exploit vulnerability allows
    unauthenticated attacker with access to the physical communication segment attached to the hardware where
    the Siebel UI Framework executes to compromise Siebel UI Framework. Successful attacks of this
    vulnerability can result in takeover of Siebel UI Framework. (CVE-2019-0227)

  - Vulnerability in the Siebel Apps - Customer Order Management product of Oracle Siebel CRM (component:
    Customizable Prod/Configurator (CKEditor)). Supported versions that are affected are 21.0 and prior.
    Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to
    compromise Siebel Apps - Customer Order Management. Successful attacks require human interaction from a
    person other than the attacker and while the vulnerability is in Siebel Apps - Customer Order Management,
    attacks may significantly impact additional products. Successful attacks of this vulnerability can result
    in unauthorized update, insert or delete access to some of Siebel Apps - Customer Order Management
    accessible data as well as unauthorized read access to a subset of Siebel Apps - Customer Order Management
    accessible data. (CVE-2020-9281)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version
number.");
  script_set_attribute(attribute:"see_also", value:"https://www.oracle.com/a/tech/docs/cpuapr2021cvrf.xml");
  script_set_attribute(attribute:"see_also", value:"https://www.oracle.com/security-alerts/cpuapr2021.html");
  script_set_attribute(attribute:"solution", value:
"Apply the appropriate patch according to the April 2021 Oracle Critical Patch Update advisory.");
  script_set_attribute(attribute:"agent", value:"all");
  script_set_cvss_base_vector("CVSS2#AV:A/AC:M/Au:N/C:P/I:P/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2019-0227");

  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");

  script_set_attribute(attribute:"vuln_publication_date", value:"2021/04/20");
  script_set_attribute(attribute:"patch_publication_date", value:"2021/04/20");
  script_set_attribute(attribute:"plugin_publication_date", value:"2024/12/11");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:oracle:siebel_crm");
  script_set_attribute(attribute:"thorough_tests", value:"true");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Misc.");

  script_copyright(english:"This script is Copyright (C) 2024 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("oracle_siebel_server_installed.nbin");
  script_require_keys("installed_sw/Oracle Siebel Server");

  exit(0);
}

include('vcf.inc');

var app_info = vcf::get_app_info(app:'Oracle Siebel Server');

var constraints = [
  { 'max_version' : '21.0.999', 'fixed_version' : '21.3' }
];

vcf::check_version_and_report(app_info:app_info, constraints:constraints, severity:SECURITY_WARNING);

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

12 Dec 2024 00:00Current
6.3Medium risk
Vulners AI Score6.3
CVSS 25.4
CVSS 3.17.5
EPSS0.86503
16