CVE-2020-2738 — Use After Free in Oracle Siebel UI Framework

CWE-416 — Use After Free5 documents5 sources

Severity

4.3MEDIUMNVD

EPSS

0.4%

top 37.71%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Oracle Siebel UI Framework Oracle Corporation Siebel UI Framework

Timeline

PublishedApr 15

Latest updateAug 19

Description

Vulnerability in the Siebel UI Framework product of Oracle Siebel CRM (component: EAI, SWSE). Supported versions that are affected are 20.2 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Siebel UI Framework. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Siebel UI Framework accessible data. CVSS 3.0 Base Score 4.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/…

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:NExploitability: 2.8 | Impact: 1.4

Affected Packages2 packages

▶NVDoracle/siebel_ui_framework20.2

▶CVEListV5oracle_corporation/siebel_ui_framework20.2 and prior

🔴Vulnerability Details

GHSA

GHSA-8jf9-xp6v-2hcx: Vulnerability in the Siebel UI Framework product of Oracle Siebel CRM (component: EAI, SWSE)↗2022-05-24

▶

CVEList

CVE-2020-2738: Vulnerability in the Siebel UI Framework product of Oracle Siebel CRM (component: EAI, SWSE)↗2020-04-15

▶

📋Vendor Advisories

Red Hat

podman: Security regression of CVE-2020-8945 due to source code management issue↗2022-08-19

▶

Oracle

Oracle Oracle Siebel CRM Risk Matrix: EAI, SWSE — CVE-2020-2738↗2020-04-15

▶