CVE-2019-2570

3 documents3 sources

Severity

4.7MEDIUM

EPSS

0.4%

top 37.01%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Oracle Corporation Siebel Core - Server Framework Oracle Siebel CRM

Timeline

PublishedApr 23

Latest updateMay 24

Description

Vulnerability in the Siebel Core - Server BizLogic Script component of Oracle Siebel CRM (subcomponent: Integration - Scripting). The supported version that is affected is 19.3. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Siebel Core - Server BizLogic Script. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Siebel Core - Server BizLogic Script accessible data as well as u…

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:LExploitability: 1.2 | Impact: 3.4

Affected Packages2 packages

▶CVEListV5oracle_corporation/siebel_core_-_server_framework19.3

▶NVDoracle/siebel_crm19.3

Patches

Patch: www.oracle.com ↗Patch: www.oracle.com ↗

🔴Vulnerability Details

GHSA

GHSA-8x2j-pw29-3r92: Vulnerability in the Siebel Core - Server BizLogic Script component of Oracle Siebel CRM (subcomponent: Integration - Scripting)↗2022-05-24

▶

CVEList

CVE-2019-2570: Vulnerability in the Siebel Core - Server BizLogic Script component of Oracle Siebel CRM (subcomponent: Integration - Scripting)↗2019-04-23

▶