Oracle Siebel < 23.4 (April 2023 CPU)

#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
##

include('compat.inc');

if (description)
{
  script_id(185085);
  script_version("1.1");
  script_set_attribute(attribute:"plugin_modification_date", value:"2023/11/08");

  script_cve_id("CVE-2023-21909");

  script_name(english:"Oracle Siebel < 23.4 (April 2023 CPU)");

  script_set_attribute(attribute:"synopsis", value:
"The remote host is affected by a vulnerability.");
  script_set_attribute(attribute:"description", value:
"The remote Oracle Siebel install is affected by a vulnerability:

  - Vulnerability in the Siebel CRM product of Oracle Siebel CRM (component: UI Framework). Supported versions that are
    affected are 23.3 and prior. Easily exploitable vulnerability allows low privileged attacker with network access
    via HTTP to compromise Siebel CRM. Successful attacks of this vulnerability can result in unauthorized access to
    critical data or complete access to all Siebel CRM accessible data. (CVE-2023-21909)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version
number.");
  # https://www.oracle.com/security-alerts/cpuapr2023.html
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?2aefbee2");
  script_set_attribute(attribute:"solution", value:
"Apply the appropriate patch according to the April 2023 Oracle Critical 
Patch Update advisory.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:S/C:C/I:N/A:N");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2023-21909");

  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");

  script_set_attribute(attribute:"vuln_publication_date", value:"2023/04/18");
  script_set_attribute(attribute:"patch_publication_date", value:"2023/04/18");
  script_set_attribute(attribute:"plugin_publication_date", value:"2023/11/07");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:oracle:siebel_crm");
  script_set_attribute(attribute:"thorough_tests", value:"true");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Windows");

  script_copyright(english:"This script is Copyright (C) 2023 Tenable Network Security, Inc.");

  script_dependencies("oracle_siebel_server_installed.nbin");
  script_require_keys("Oracle/siebel_server/Installed", "installed_sw/Oracle Siebel Server");

  exit(0);
}

include("vcf.inc");

var app_info = vcf::get_app_info(app:'Oracle Siebel Server', win_local:TRUE);

var constraints = [
  {'fixed_version': '23.4'}
];

vcf::check_version_and_report(app_info:app_info, constraints:constraints, severity:SECURITY_WARNING);