Detections
Analytics

Oracle Siebel CRM (April 2017 CPU)

critical Nessus Plugin ID 212383

Synopsis

The remote host is affected by a vulnerability

Description

The versions of Oracle Siebel CRM installed on the remote host are affected by a vulnerability as referenced in the April 2017 CPU advisory.

 - Vulnerability in the Siebel Apps - E-Billing component of Oracle Siebel CRM (subcomponent: Security (Struts 2)). Supported versions that are affected are 6.1, 6.2, 7.0 and 7.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Siebel Apps - E-Billing. While the vulnerability is in Siebel Apps - E-Billing, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Siebel Apps - E-Billing. (CVE-2017-5638)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

Solution

Apply the appropriate patch according to the April 2017 Oracle Critical Patch Update advisory.

See Also

http://www.nessus.org/u?623d2c22

Plugin Details

Severity: Critical

ID: 212383

File Name: oracle_siebel_cpu_apr_2017.nasl

Version: 1.1

Type: local

Agent: windows, macosx, unix

Family: Misc.

Published: 12/11/2024

Updated: 12/11/2024

Configuration: Enable thorough checks

Supported Sensors: Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: Critical

Score: 9.2

CVSS v2

Risk Factor: Critical

Base Score: 10

Temporal Score: 8.7

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

CVSS Score Source: CVE-2017-5638

CVSS v3

Risk Factor: Critical

Base Score: 9.8

Temporal Score: 9.4

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:H/RL:O/RC:C

Vulnerability Information

CPE: cpe:/a:oracle:siebel_crm

Required KB Items: installed_sw/Oracle Siebel Server

Exploit Available: true

Exploit Ease: No known exploits are available

Patch Publication Date: 4/18/2017

Vulnerability Publication Date: 4/18/2017

CISA Known Exploited Vulnerability Due Dates: 5/3/2022

Exploitable With

CANVAS (CANVAS)

Core Impact

Metasploit

Reference Information

CVE: CVE-2017-5638