Oracle Siebel Ui Framework vulnerabilities
53 known vulnerabilities affecting oracle/siebel_ui_framework.
Total CVEs
53
CISA KEV
1
actively exploited
Public exploits
7
Exploited in wild
4
Severity breakdown
CRITICAL6HIGH16MEDIUM28LOW3
Vulnerabilities
Page 2 of 3
CVE-2020-1935MEDIUMCVSS 4.8≤ 20.52020-02-24
CVE-2020-1935 [MEDIUM] CWE-444 CVE-2020-1935: In Apache Tomcat 9.0.0.M1 to 9.0.30, 8.5.0 to 8.5.50 and 7.0.0 to 7.0.99 the HTTP header parsing cod
In Apache Tomcat 9.0.0.M1 to 9.0.30, 8.5.0 to 8.5.50 and 7.0.0 to 7.0.99 the HTTP header parsing code used an approach to end-of-line parsing that allowed some invalid HTTP headers to be parsed as valid. This led to a possibility of HTTP Request Smuggling if Tomcat was located behind a reverse proxy that incorrectly handled the invalid Transfer-Encodi
nvd
CVE-2020-2560MEDIUMCVSS 4.7≤ 19.102020-01-15
CVE-2020-2560 [MEDIUM] CVE-2020-2560: Vulnerability in the Siebel UI Framework product of Oracle Siebel CRM (component: SWSE Server). Supp
Vulnerability in the Siebel UI Framework product of Oracle Siebel CRM (component: SWSE Server). Supported versions that are affected are 19.10 and prior. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Siebel UI Framework. Successful attacks require human interaction from a person other than the atta
nvd
CVE-2020-2559MEDIUMCVSS 5.3≤ 19.72020-01-15
CVE-2020-2559 [MEDIUM] CVE-2020-2559: Vulnerability in the Siebel UI Framework product of Oracle Siebel CRM (component: UIF Open UI). Supp
Vulnerability in the Siebel UI Framework product of Oracle Siebel CRM (component: UIF Open UI). Supported versions that are affected are 19.7 and prior. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Siebel UI Framework. Successful attacks of this vulnerability can result in unauthorized read access
nvd
CVE-2020-2564MEDIUMCVSS 5.3≤ 19.102020-01-15
CVE-2020-2564 [MEDIUM] CVE-2020-2564: Vulnerability in the Siebel UI Framework product of Oracle Siebel CRM (component: EAI). Supported ve
Vulnerability in the Siebel UI Framework product of Oracle Siebel CRM (component: EAI). Supported versions that are affected are 19.10 and prior. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Siebel UI Framework. Successful attacks of this vulnerability can result in unauthorized read access to a s
nvd
CVE-2019-20330CRITICALCVSS 9.8≤ 20.52020-01-03
CVE-2019-20330 [CRITICAL] CWE-502 CVE-2019-20330: FasterXML jackson-databind 2.x before 2.9.10.2 lacks certain net.sf.ehcache blocking.
FasterXML jackson-databind 2.x before 2.9.10.2 lacks certain net.sf.ehcache blocking.
nvd
CVE-2019-2935MEDIUMCVSS 5.3≤ 19.82019-10-16
CVE-2019-2935 [MEDIUM] CVE-2019-2935: Vulnerability in the Siebel UI Framework product of Oracle Siebel CRM (component: EAI). Supported ve
Vulnerability in the Siebel UI Framework product of Oracle Siebel CRM (component: EAI). Supported versions that are affected are 19.8 and prior. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Siebel UI Framework. Successful attacks of this vulnerability can result in unauthorized read access to a su
nvd
CVE-2019-16942CRITICALCVSS 9.8≤ 20.5v20.62019-10-01
CVE-2019-16942 [CRITICAL] CWE-502 CVE-2019-16942: A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.0.0 through 2.9.10. When D
A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.0.0 through 2.9.10. When Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint and the service has the commons-dbcp (1.4) jar in the classpath, and an attacker can find an RMI service endpoint to access, it is possible
nvd
CVE-2019-14439HIGHCVSS 7.5≤ 19.102019-07-30
CVE-2019-14439 [HIGH] CWE-502 CVE-2019-14439: A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.x before 2.9.9.2. This occ
A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.x before 2.9.9.2. This occurs when Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint and the service has the logback jar in the classpath.
nvd
CVE-2019-14379CRITICALCVSS 9.8≤ 19.102019-07-29
CVE-2019-14379 [CRITICAL] CWE-1321 CVE-2019-14379: SubTypeValidator.java in FasterXML jackson-databind before 2.9.9.2 mishandles default typing when eh
SubTypeValidator.java in FasterXML jackson-databind before 2.9.9.2 mishandles default typing when ehcache is used (because of net.sf.ehcache.transaction.manager.DefaultTransactionManagerLookup), leading to remote code execution.
nvd
CVE-2019-2857MEDIUMCVSS 5.4≤ 19.02019-07-23
CVE-2019-2857 [MEDIUM] CVE-2019-2857: Vulnerability in the Siebel UI Framework component of Oracle Siebel CRM (subcomponent: UIF Open UI).
Vulnerability in the Siebel UI Framework component of Oracle Siebel CRM (subcomponent: UIF Open UI). Supported versions that are affected are 19.0 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Siebel UI Framework. Successful attacks require human interaction from a person other than the a
nvd
CVE-2019-0227HIGHCVSS 7.5PoC≤ 21.02019-05-01
CVE-2019-0227 [HIGH] CWE-918 CVE-2019-0227: A Server Side Request Forgery (SSRF) vulnerability affected the Apache Axis 1.4 distribution that wa
A Server Side Request Forgery (SSRF) vulnerability affected the Apache Axis 1.4 distribution that was last released in 2006. Security and bug commits commits continue in the projects Axis 1.x Subversion repository, legacy users are encouraged to build from source. The successor to Axis 1.x is Axis2, the latest version is 1.7.9 and is not vulnerable to t
nvd
CVE-2019-11358MEDIUMCVSS 6.1ExploitedPoCv20.82019-04-20
CVE-2019-11358 [MEDIUM] CWE-1321 CVE-2019-11358: jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(t
jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution. If an unsanitized source object contained an enumerable __proto__ property, it could extend the native Object.prototype.
nvd
CVE-2018-14718CRITICALCVSS 9.8≤ 19.102019-01-02
CVE-2018-14718 [CRITICAL] CWE-502 CVE-2018-14718: FasterXML jackson-databind 2.x before 2.9.7 might allow remote attackers to execute arbitrary code b
FasterXML jackson-databind 2.x before 2.9.7 might allow remote attackers to execute arbitrary code by leveraging failure to block the slf4j-ext class from polymorphic deserialization.
nvd
CVE-2018-3059MEDIUMCVSS 6.1v18.7v18.8+1 more2018-10-17
CVE-2018-3059 [MEDIUM] CVE-2018-3059: Vulnerability in the Siebel UI Framework component of Oracle Siebel CRM (subcomponent: UIF Open UI).
Vulnerability in the Siebel UI Framework component of Oracle Siebel CRM (subcomponent: UIF Open UI). Supported versions that are affected are 18.7, 18.8 and 18.9. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Siebel UI Framework. Successful attacks require human interaction from a person other than
nvd
CVE-2018-8032MEDIUMCVSS 6.1≤ 21.02018-08-02
CVE-2018-8032 [MEDIUM] CWE-79 CVE-2018-8032: Apache Axis 1.x up to and including 1.4 is vulnerable to a cross-site scripting (XSS) attack in the
Apache Axis 1.x up to and including 1.4 is vulnerable to a cross-site scripting (XSS) attack in the default servlet/services.
nvd
CVE-2018-2959MEDIUMCVSS 4.3v18.02018-07-18
CVE-2018-2959 [MEDIUM] CVE-2018-2959: Vulnerability in the Siebel UI Framework component of Oracle Siebel CRM (subcomponent: UIF Open UI).
Vulnerability in the Siebel UI Framework component of Oracle Siebel CRM (subcomponent: UIF Open UI). The supported version that is affected is 18.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Siebel UI Framework. Successful attacks require human interaction from a person other than the attacker.
nvd
CVE-2015-9251MEDIUMCVSS 6.1v18.10v18.112018-01-18
CVE-2015-9251 [MEDIUM] CWE-79 CVE-2015-9251: jQuery before 3.0.0 is vulnerable to Cross-site Scripting (XSS) attacks when a cross-domain Ajax req
jQuery before 3.0.0 is vulnerable to Cross-site Scripting (XSS) attacks when a cross-domain Ajax request is performed without the dataType option, causing text/javascript responses to be executed.
nvd
CVE-2017-10263HIGHCVSS 8.2v16.0v17.02017-10-19
CVE-2017-10263 [HIGH] CVE-2017-10263: Vulnerability in the Siebel UI Framework component of Oracle Siebel CRM (subcomponent: UIF Open UI).
Vulnerability in the Siebel UI Framework component of Oracle Siebel CRM (subcomponent: UIF Open UI). Supported versions that are affected are 16.0 and 17.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Siebel UI Framework. Successful attacks require human interaction from a person other than the a
nvd
CVE-2017-10333HIGHCVSS 7.4v16.0v17.02017-10-19
CVE-2017-10333 [HIGH] CVE-2017-10333: Vulnerability in the Siebel UI Framework component of Oracle Siebel CRM (subcomponent: EAI). Support
Vulnerability in the Siebel UI Framework component of Oracle Siebel CRM (subcomponent: EAI). Supported versions that are affected are 16.0 and 17.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Siebel UI Framework. While the vulnerability is in Siebel UI Framework, attacks may significantly impact
nvd
CVE-2017-10315MEDIUMCVSS 6.1v16.0v17.02017-10-19
CVE-2017-10315 [MEDIUM] CVE-2017-10315: Vulnerability in the Siebel UI Framework component of Oracle Siebel CRM (subcomponent: UIF Open UI).
Vulnerability in the Siebel UI Framework component of Oracle Siebel CRM (subcomponent: UIF Open UI). Supported versions that are affected are 16.0 and 17.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Siebel UI Framework. Successful attacks require human interaction from a person other than the
nvd