Lucene search
+L

Oracle Siebel Server <= 20.6 (July 2020 CPU)

🗓️ 11 Dec 2024 00:00:00Reported by TenableType 
nessus
 nessus
🔗 www.tenable.com👁 11 Views

Oracle Siebel Server 20.6 and prior are vulnerable via HTTP, risking unauthorized data access.

Related
Refs
Code
ReporterTitlePublishedViews
Family
bdu_fstec
The vulnerability of the SWSE Server component of the Siebel UI Framework allows a perpetrator to gain access to modify, add, or delete data, or to unauthorizedly access protected information.
17 Sep 202000:00
bdu_fstec
cve
CVE-2020-14531
15 Jul 202017:34
cve
cvelist
CVE-2020-14531
15 Jul 202017:34
cvelist
euvd
EUVD-2020-6667
7 Oct 202500:30
euvd
nvd
CVE-2020-14531
15 Jul 202018:15
nvd
oracle
Oracle Critical Patch Update Advisory - July 2020
14 Jul 202000:00
oracle
osv
CVE-2020-14531
15 Jul 202018:15
osv
prion
Design/Logic Flaw
15 Jul 202018:15
prion
redhatcve
CVE-2020-14531
22 May 202516:20
redhatcve
vulnrichment
CVE-2020-14531
15 Jul 202017:34
vulnrichment
Rows per page
#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
##

include('compat.inc');

if (description)
{
  script_id(212402);
  script_version("1.1");
  script_set_attribute(attribute:"plugin_modification_date", value:"2024/12/11");

  script_cve_id("CVE-2020-14531");

  script_name(english:"Oracle Siebel Server <= 20.6 (July 2020 CPU)");

  script_set_attribute(attribute:"synopsis", value:
"The remote host is affected by a vulnerability");
  script_set_attribute(attribute:"description", value:
"The versions of Oracle Siebel CRM installed on the remote host are affected by a vulnerability as referenced in the July
2020 CPU advisory.

  - Vulnerability in the Siebel UI Framework product of Oracle Siebel CRM (component: SWSE Server). Supported
    versions that are affected are 20.6 and prior. Difficult to exploit vulnerability allows unauthenticated
    attacker with network access via HTTP to compromise Siebel UI Framework. Successful attacks require human
    interaction from a person other than the attacker. Successful attacks of this vulnerability can result in
    unauthorized access to critical data or complete access to all Siebel UI Framework accessible data as well
    as unauthorized update, insert or delete access to some of Siebel UI Framework accessible data.
    (CVE-2020-14531)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version
number.");
  script_set_attribute(attribute:"see_also", value:"https://www.oracle.com/a/tech/docs/cpujul2020cvrf.xml");
  script_set_attribute(attribute:"see_also", value:"https://www.oracle.com/security-alerts/cpujul2020.html");
  script_set_attribute(attribute:"solution", value:
"Apply the appropriate patch according to the July 2020 Oracle Critical Patch Update advisory.");
  script_set_attribute(attribute:"agent", value:"all");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:H/Au:N/C:P/I:P/A:N");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:L/A:N");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2020-14531");

  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");

  script_set_attribute(attribute:"vuln_publication_date", value:"2020/07/14");
  script_set_attribute(attribute:"patch_publication_date", value:"2020/07/14");
  script_set_attribute(attribute:"plugin_publication_date", value:"2024/12/11");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:oracle:siebel_crm");
  script_set_attribute(attribute:"thorough_tests", value:"true");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Misc.");

  script_copyright(english:"This script is Copyright (C) 2024 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("oracle_siebel_server_installed.nbin");
  script_require_keys("installed_sw/Oracle Siebel Server");

  exit(0);
}

include('vcf.inc');

var app_info = vcf::get_app_info(app:'Oracle Siebel Server');

var constraints = [
  { 'max_version' : '20.6.999', 'fixed_display' : 'See vendor advisory' }
];

vcf::check_version_and_report(app_info:app_info, constraints:constraints, severity:SECURITY_WARNING);

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

11 Dec 2024 00:00Current
7.1High risk
Vulners AI Score7.1
CVSS 24
CVSS 3.15.9
EPSS0.0112
SSVC
11