CVE-2022-21598

Vulnerability in the Siebel Core - DB Deployment and Configuration product of Oracle Siebel CRM (component: Repository Utilities). Supported versions that are affected are 22.8 and prior. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Siebel Core - DB Deployment and Configuration. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Siebel Core - DB Deployment and Configuration accessible data. CVSS 3.1 Base Score 7.5 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N).

CVSS v3 7.5 HIGH

7.5^/10

CVSS v3 : HIGH

Vector :

Exploitability : 3.9 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact HIGH

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
https://www.oracle.com/security-alerts/cpuoct2022.html	Patch Vendor Advisory
https://www.oracle.com/security-alerts/cpuoct2022.html	Patch Vendor Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:oracle:siebel_core_-_db_deployment_and_configuration_accessible_data:*:*:*:*:*:*:*:*

History

21 Nov 2024, 06:45

Type	Values Removed	Values Added
References	~~() https://www.oracle.com/security-alerts/cpuoct2022.html - Patch, Vendor Advisory~~	() https://www.oracle.com/security-alerts/cpuoct2022.html - Patch, Vendor Advisory

Information

Published : 2022-10-18 21:15

Updated : 2024-11-21 06:45

NVD link : CVE-2022-21598

Mitre link : CVE-2022-21598

CVE.ORG link : CVE-2022-21598

JSON object : View

Products Affected

oracle

siebel_core_-_db_deployment_and_configuration_accessible_data

CWE

NVD-CWE-noinfo

{"id": "CVE-2022-21598", "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "secalert_us@oracle.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 3.9}]}, "published": "2022-10-18T21:15:11.637", "references": [{"url": "https://www.oracle.com/security-alerts/cpuoct2022.html", "tags": ["Patch", "Vendor Advisory"], "source": "secalert_us@oracle.com"}, {"url": "https://www.oracle.com/security-alerts/cpuoct2022.html", "tags": ["Patch", "Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-noinfo"}]}], "descriptions": [{"lang": "en", "value": "Vulnerability in the Siebel Core - DB Deployment and Configuration product of Oracle Siebel CRM (component: Repository Utilities). Supported versions that are affected are 22.8 and prior. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Siebel Core - DB Deployment and Configuration. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Siebel Core - DB Deployment and Configuration accessible data. CVSS 3.1 Base Score 7.5 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N)."}, {"lang": "es", "value": "Una vulnerabilidad en el producto Siebel Core - DB Deployment and Configuration de Oracle Siebel CRM (componente: Repository Utilities). Las versiones soportadas que est\u00e1n afectadas son 22.8 y anteriores. Una vulnerabilidad explotable f\u00e1cilmente permite a un atacante no autenticado con acceso a la red por medio de HTTP comprometer Siebel Core - DB Deployment and Configuration. Los ataques con \u00e9xito de esta vulnerabilidad pueden resultar en la creaci\u00f3n no autorizada, la eliminaci\u00f3n o el acceso a la modificaci\u00f3n de los datos cr\u00edticos o todos los datos accesibles de Siebel Core - DB Deployment and Configuration. CVSS 3.1 Puntuaci\u00f3n Base 7.5 (Impactos en la Integridad). Vector CVSS: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N)"}], "lastModified": "2024-11-21T06:45:02.380", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:oracle:siebel_core_-_db_deployment_and_configuration_accessible_data:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "77881450-67E0-4F03-81F1-4D682DE63E55", "versionEndIncluding": "22.8"}], "operator": "OR"}]}], "sourceIdentifier": "secalert_us@oracle.com"}