5.8 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:P/I:P/A:N
0.001 Low
EPSS
Percentile
43.0%
Oracle Siebel CRM
Version: 8.1.1, 8.2.2
Severity level: Medium
Impact: Remote OS Command Execution
Access Vector: Remote
CVSS v2:
Base Score: 5.8
Vector: (AV:N/AC:M/Au:N/C:P/I:P/A:N)
CVE: CVE-2013-5761
Oracle Siebel CRM is a customer relationship management application used to develop a complex corporate information system.
The specialists of the Positive Research center have detected a Remote OS Command Execution vulnerability in Oracle Siebel CRM.
An attacker is able to execute arbitrary commands on the target system with current user’s privileges and also access its file system using eScript embedded tools.
Update your software up to the latest version
05.02.2013 - Vendor gets vulnerability details
15.10.2013 - Vendor releases fixed version and details
25.10.2013 - Public disclosure
The vulnerability was detected by Nikita Mikhalevsky, Positive Research Center (Positive Technologies Company)
http://en.securitylab.ru/lab/PT-2013-08
<http://www.oracle.com/technetwork/topics/security/cpuoct2013-1899837.html>
Reports on the vulnerabilities previously discovered by Positive Research:
<http://www.ptsecurity.com/research/advisory/>
<http://en.securitylab.ru/lab/>