6.5 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
6.8 Medium
AI Score
Confidence
High
0.001 Low
EPSS
Percentile
34.6%
The remote Oracle Siebel install is affected by a vulnerability:
Note that Nessus has not tested for these issues but has instead relied only on the application’s self-reported version number.
#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
##
include('compat.inc');
if (description)
{
script_id(185085);
script_version("1.1");
script_set_attribute(attribute:"plugin_modification_date", value:"2023/11/08");
script_cve_id("CVE-2023-21909");
script_name(english:"Oracle Siebel < 23.4 (April 2023 CPU)");
script_set_attribute(attribute:"synopsis", value:
"The remote host is affected by a vulnerability.");
script_set_attribute(attribute:"description", value:
"The remote Oracle Siebel install is affected by a vulnerability:
- Vulnerability in the Siebel CRM product of Oracle Siebel CRM (component: UI Framework). Supported versions that are
affected are 23.3 and prior. Easily exploitable vulnerability allows low privileged attacker with network access
via HTTP to compromise Siebel CRM. Successful attacks of this vulnerability can result in unauthorized access to
critical data or complete access to all Siebel CRM accessible data. (CVE-2023-21909)
Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version
number.");
# https://www.oracle.com/security-alerts/cpuapr2023.html
script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?2aefbee2");
script_set_attribute(attribute:"solution", value:
"Apply the appropriate patch according to the April 2023 Oracle Critical
Patch Update advisory.");
script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:S/C:C/I:N/A:N");
script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N");
script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2023-21909");
script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
script_set_attribute(attribute:"exploit_available", value:"false");
script_set_attribute(attribute:"vuln_publication_date", value:"2023/04/18");
script_set_attribute(attribute:"patch_publication_date", value:"2023/04/18");
script_set_attribute(attribute:"plugin_publication_date", value:"2023/11/07");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"cpe:/a:oracle:siebel_crm");
script_set_attribute(attribute:"thorough_tests", value:"true");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"Windows");
script_copyright(english:"This script is Copyright (C) 2023 Tenable Network Security, Inc.");
script_dependencies("oracle_siebel_server_installed.nbin");
script_require_keys("Oracle/siebel_server/Installed", "installed_sw/Oracle Siebel Server");
exit(0);
}
include("vcf.inc");
var app_info = vcf::get_app_info(app:'Oracle Siebel Server', win_local:TRUE);
var constraints = [
{'fixed_version': '23.4'}
];
vcf::check_version_and_report(app_info:app_info, constraints:constraints, severity:SECURITY_WARNING);
Vendor | Product | Version | CPE |
---|---|---|---|
oracle | siebel_crm | cpe:/a:oracle:siebel_crm |
6.5 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
6.8 Medium
AI Score
Confidence
High
0.001 Low
EPSS
Percentile
34.6%