Lucene search
K

Oracle Siebel CRM <= 24.7 (October 2024 CPU)

🗓️ 17 Oct 2024 00:00:00Reported by TenableType 
nessus
 nessus
🔗 www.tenable.com👁 17 Views

Oracle Siebel CRM <= 24.7 (October 2024 CPU). Multiple vulnerabilities allowing unauthorized access and compromise of Siebel CRM Integration and Siebel Apps - Marketing

Related
Refs
Code
ReporterTitlePublishedViews
Family
IBM Security Bulletins
Security Bulletin: Multiple security vulnerabilities are addressed with IBM Process Mining 1.14.4 IF001
14 May 202420:42
ibm
IBM Security Bulletins
Security Bulletin: Vulnerability in Apache Tomcat Server (CVE-2024-24549) affects Power HMC
16 Apr 202416:53
ibm
IBM Security Bulletins
Security Bulletin: Apache Tomcat is vulnerable to CVE-2024-24549 and CVE-2024-23672 used in IBM Maximo Application Suite - Monitor Component
2 May 202419:25
ibm
IBM Security Bulletins
Security Bulletin: IBM Sterling Control Center is affected by vulnerabilities in its dependencies (CVE-2022-45688, CVE-2023-28439, CVE-2023-33201, CVE-2023-41900, CVE-2023-36479, CVE-2023-40167, CVE-2023-36478, )
24 Mar 202514:16
ibm
IBM Security Bulletins
Security Bulletin: IBM DevOps Release 7.0.0.1 addresses multiple vulnerabilities.
27 Mar 202417:25
ibm
IBM Security Bulletins
Security Bulletin: IBM DevOps Build 7.0.0.1 addresses multiple vulnerabilities.
27 Mar 202417:19
ibm
IBM Security Bulletins
Security Bulletin: IBM Security Guardium is affected by denial of service vulnerabilities (CVE-2024-24549, CVE-2024-23672, CVE-2024-0727, CVE-2023-6129)
29 Aug 202415:33
ibm
IBM Security Bulletins
Security Bulletin: IBM Integration Bus for z/OS is vulnerable to a denial of service due to Apache Tomcat (CVE-2024-24549, CVE-2024-23672)
5 Apr 202411:18
ibm
IBM Security Bulletins
Security Bulletin: IBM Engineering Requirements Management DOORS/DWA vulnerabilities addressed in 9.7.2.10
29 Jul 202522:30
ibm
IBM Security Bulletins
Security Bulletin: IBM Watson Discovery for IBM Cloud Pak for Data affected by vulnerability in Apache Tomcat
24 Jul 202422:40
ibm
Rows per page
#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
##

include('compat.inc');

if (description)
{
  script_id(209246);
  script_version("1.2");
  script_set_attribute(attribute:"plugin_modification_date", value:"2024/10/18");

  script_cve_id("CVE-2023-28439", "CVE-2024-24549");

  script_name(english:"Oracle Siebel CRM <= 24.7 (October 2024 CPU)");

  script_set_attribute(attribute:"synopsis", value:
"The remote host is affected by multiple vulnerabilities");
  script_set_attribute(attribute:"description", value:
"The versions of Oracle Siebel CRM installed on the remote host are affected by multiple vulnerabilities as referenced in
the October 2024 CPU advisory.

  - Vulnerability in the Siebel CRM Integration product of Oracle Siebel CRM (component: EAI (Apache Tomcat)).
    Supported versions that are affected are 24.7 and prior. Easily exploitable vulnerability allows
    unauthenticated attacker with network access via HTTP/2 to compromise Siebel CRM Integration. Successful
    attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable
    crash (complete DOS) of Siebel CRM Integration. (CVE-2024-24549)

  - Vulnerability in the Siebel Apps - Marketing product of Oracle Siebel CRM (component: User Interface
    (CKEditor)). Supported versions that are affected are 24.7 and prior. Easily exploitable vulnerability
    allows unauthenticated attacker with network access via HTTP to compromise Siebel Apps - Marketing.
    Successful attacks require human interaction from a person other than the attacker and while the
    vulnerability is in Siebel Apps - Marketing, attacks may significantly impact additional products (scope
    change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete
    access to some of Siebel Apps - Marketing accessible data as well as unauthorized read access to a subset
    of Siebel Apps - Marketing accessible data. (CVE-2023-28439)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version
number.");
  script_set_attribute(attribute:"see_also", value:"https://www.oracle.com/docs/tech/security-alerts/cpuoct2024csaf.json");
  script_set_attribute(attribute:"see_also", value:"https://www.oracle.com/security-alerts/cpuoct2024.html");
  script_set_attribute(attribute:"solution", value:
"Apply the appropriate patch according to the October 2024 Oracle Critical Patch Update advisory.");
  script_set_attribute(attribute:"agent", value:"all");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:N");
  script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2023-28439");

  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");

  script_set_attribute(attribute:"vuln_publication_date", value:"2024/10/15");
  script_set_attribute(attribute:"patch_publication_date", value:"2024/10/15");
  script_set_attribute(attribute:"plugin_publication_date", value:"2024/10/17");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:oracle:siebel_crm");
  script_set_attribute(attribute:"thorough_tests", value:"true");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Misc.");

  script_copyright(english:"This script is Copyright (C) 2024 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("oracle_siebel_server_installed.nbin");
  script_require_keys("installed_sw/Oracle Siebel Server");

  exit(0);
}

include('vcf.inc');

var app_info = vcf::get_app_info(app:'Oracle Siebel Server');

var constraints = [
  { 'max_version' : '24.7', 'fixed_version' : '24.8' }
];

vcf::check_version_and_report(app_info:app_info, constraints:constraints, severity:SECURITY_WARNING);

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

18 Oct 2024 00:00Current
7.5High risk
Vulners AI Score7.5
CVSS 3.16.1 - 7.5
EPSS0.23072
SSVC
17