
Oracle Critical Patch Update Advisory – July 2012, Patches 7 Flaws In Siebel

The latest Oracle Critical Patch Update patches 87 flaws in Oracle's Database, PeopleSoft, Siebel, Solaris, MySQL, etc.

There are five vulnerabilities in Oracle Database Server products, four of which could allow remote code execution without authentication. Other important fixes include 22 flaws in Oracle Fusion Middleware, 9 in PeopleSoft, 7 in Siebel and 21 in Solaris. Source: NakedSecurity

The 7 vulnerabilities that will be patched allowed successful authenticated network attacks via HTTP against Oracle Siebel products. Siebel patch details are covered under the topics below.

Product: Oracle Siebel CRM 8.1.1 and 8.2.2.

Subcomponents: Web UI, Portal Framework, UI Framework

 


 

Vulnerability Issues:

The July 2012 Critical Patch Update contains patches for the following security issues:

  • Unauthorized read access to a subset of Siebel CRM accessible data.
  • Unauthorized update, insert or delete access to some Siebel CRM accessible data as well as read access to a subset of Siebel CRM accessible data and ability to cause a partial denial of service (partial DOS) of Siebel CRM. 
  • Unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Siebel CRM.  
  • Unauthorized read access to a subset of Siebel CRM accessible data.
  • Unauthorized update, insert or delete access to some Siebel CRM accessible data.

Important Links:

Oracle Critical Patch Update Advisory – July 2012

Core Siebel July 2012 Critical Patch Update Knowledge Document [ID 1475605.1]

 


 

More Information about Patch:

July 2012 Critical Patch Update – Patch availability information for Siebel Core Application

The July 2012 Critical Patch Update contains patches for the following security issues:

CVE-2012-1731  Vulnerability in the Siebel CRM component of Oracle Siebel CRM (subcomponent: Web UI). Supported versions that are affected are 8.1.1 and 8.2.2. Difficult to exploit vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Siebel CRM accessible data as well as read access to a subset of Siebel CRM accessible data and ability to cause a partial denial of service (partial DOS) of Siebel CRM. CVSS Base Score 6.8 (Confidentiality, Integrity and Availability impacts). CVSS V2 Vector: (AV:N/AC:M/Au:N/C:P/I:P/A:P). 

CVE-2012-1728  Vulnerability in the Siebel CRM component of Oracle Siebel CRM (subcomponent: Portal Framework). Supported versions that are affected are 8.1.1 and 8.2.2. Difficult to exploit vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Siebel CRM accessible data as well as read access to a subset of Siebel CRM accessible data.  CVSS Base Score 5.8 (Confidentiality and Integrity impacts). CVSS V2 Vector: (AV:N/AC:M/Au:N/C:P/I:P/A:N). 

CVE-2012-1742  Vulnerability in the Siebel CRM component of Oracle Siebel CRM (subcomponent: UI Framework). Supported versions that are affected are 8.1.1 and 8.2.2. Easily exploitable vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Siebel CRM. CVSS Base Score 5.0 (Availability impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P). 

CVE-2012-1760  Vulnerability in the Siebel CRM component of Oracle Siebel CRM (subcomponent: UI Framework). Supported versions that are affected are 8.1.1 and 8.2.2. Difficult to exploit vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Siebel CRM. CVSS Base Score 4.3 (Availability impacts). CVSS V2 Vector: (AV:N/AC:M/Au:N/C:N/I:N/A:P). 

CVE-2012-1761  Vulnerability in the Siebel CRM component of Oracle Siebel CRM (subcomponent: UI Framework). Supported versions that are affected are 8.1.1 and 8.2.2. Difficult to exploit vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Siebel CRM accessible data.  CVSS Base Score 4.3 (Integrity impacts). CVSS V2 Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N). 

CVE-2012-1732  Vulnerability in the Siebel CRM component of Oracle Siebel CRM (subcomponent: UI Framework). Supported versions that are affected are 8.1.1 and 8.2.2. Easily exploitable vulnerability allows successful authenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized read access to a subset of Siebel CRM accessible data.  CVSS Base Score 4.0 (Confidentiality impacts). CVSS V2 Vector: (AV:N/AC:L/Au:S/C:P/I:N/A:N).

CVE-2012-1754  Vulnerability in the Siebel CRM component of Oracle Siebel CRM (subcomponent: UI Framework). Supported versions that are affected are 8.1.1 and 8.2.2. Easily exploitable vulnerability allows successful authenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized read access to a subset of Siebel CRM accessible data.  CVSS Base Score 4.0 (Confidentiality impacts). CVSS V2 Vector: (AV:N/AC:L/Au:S/C:P/I:N/A:N). 

Reference: oracle.com
