Lucene search
+L

Oracle Siebel Server <= 23.7 (January 2024 CPU)

🗓️ 11 Dec 2024 00:00:00Reported by TenableType 
nessus
 nessus
🔗 www.tenable.com👁 14 Views

Oracle Siebel Server versions prior to 23.8 have a vulnerability allowing unauthorized access.

Related
Refs
Code
ReporterTitlePublishedViews
Family
IBM Security Bulletins
Security Bulletin: IBM QRadar SIEM includes components with known vulnerabilities
6 Jul 202318:48
ibm
IBM Security Bulletins
Security Bulletin: Multiple Vulnerabilities (CVE-2023-24998, CVE-2023-1436) affect CICS Transaction Gateway for Multiplatforms and CICS Transaction Gateway Desktop Edition.
17 May 202313:42
ibm
IBM Security Bulletins
Security Bulletin: IBM Sterling B2B Integrator EBICs client affected by multiple issues due to Jettison
19 Dec 202319:21
ibm
IBM Security Bulletins
Security Bulletin: Vulnerabilities in JSON-java, Hutool and Jettison might affect IBM Storage Copy Data Management.
24 Jan 202519:14
ibm
IBM Security Bulletins
Security Bulletin: IBM Asset Data Dictionary Component uses grpc-protobuf-1.50.2.jar and jettison-1.5.2.jar which is vulnerable to CVE-2023-32731 and CVE-2023-1436
21 Oct 202414:34
ibm
IBM Security Bulletins
Security Bulletin: Multiple security vulnerabilities affecting Watson Knowledge Catalog for IBM Cloud Pak for Data
5 Jul 202318:31
ibm
IBM Security Bulletins
Security Bulletin: Vulnerability in Jettison affects IBM watsonx.data
25 Sep 202419:05
ibm
IBM Security Bulletins
Security Bulletin: IBM Watson Discovery Cartridge for IBM Cloud Pak for Data affected by vulnerability in Jettison
2 May 202322:38
ibm
IBM Security Bulletins
Security Bulletin: IBM Cloud Transformation Advisor is vulnerable to multiple vulnerabilities
26 May 202314:13
ibm
IBM Security Bulletins
Security Bulletin: IBM Disconnected Log Collector is vulnerable to using components with known vulnerabilities
29 Sep 202318:56
ibm
Rows per page
#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
##

include('compat.inc');

if (description)
{
  script_id(212446);
  script_version("1.2");
  script_set_attribute(attribute:"plugin_modification_date", value:"2024/12/12");

  script_cve_id("CVE-2023-1436");

  script_name(english:"Oracle Siebel Server <= 23.7 (January 2024 CPU)");

  script_set_attribute(attribute:"synopsis", value:
"The remote host is affected by multiple vulnerabilities");
  script_set_attribute(attribute:"description", value:
"The versions of Oracle Siebel CRM installed on the remote host are affected by a vulnerability as referenced in the
January 2024 CPU advisory.

  - Vulnerability in the Siebel CRM product of Oracle Siebel CRM (component: EAI (Jettison)). Supported
    versions that are affected are Prior to 23.8. Easily exploitable vulnerability allows unauthenticated
    attacker with network access via HTTP to compromise Siebel CRM. Successful attacks of this vulnerability
    can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Siebel
    CRM. (CVE-2023-1436)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version
number.");
  script_set_attribute(attribute:"see_also", value:"https://www.oracle.com/docs/tech/security-alerts/cpujan2024csaf.json");
  script_set_attribute(attribute:"see_also", value:"https://www.oracle.com/security-alerts/cpujan2024.html");
  script_set_attribute(attribute:"solution", value:
"Apply the appropriate patch according to the January 2024 Oracle Critical Patch Update advisory.");
  script_set_attribute(attribute:"agent", value:"all");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2023-1436");

  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");

  script_set_attribute(attribute:"vuln_publication_date", value:"2024/01/16");
  script_set_attribute(attribute:"patch_publication_date", value:"2024/01/16");
  script_set_attribute(attribute:"plugin_publication_date", value:"2024/12/11");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:oracle:siebel_crm");
  script_set_attribute(attribute:"thorough_tests", value:"true");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Misc.");

  script_copyright(english:"This script is Copyright (C) 2024 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("oracle_siebel_server_installed.nbin");
  script_require_keys("installed_sw/Oracle Siebel Server");

  exit(0);
}

include('vcf.inc');

var app_info = vcf::get_app_info(app:'Oracle Siebel Server');

var constraints = [
  { 'max_version' : '23.8.999', 'fixed_version' : '23.12' }
];

vcf::check_version_and_report(app_info:app_info, constraints:constraints, severity:SECURITY_HOLE);

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

12 Dec 2024 00:00Current
6.2Medium risk
Vulners AI Score6.2
CVSS 3.15.9 - 7.5
EPSS0.01009
SSVC
14