Oracle Siebel Core Server Framework 21.5

CPE Details

Oracle Siebel Core Server Framework 21.5
oracle
siebel_core_-_server_framework
21.5
2021-07-22
14h28 +00:00
2021-07-28
14h09 +00:00
CPE NVD
Alerte pour un CPE
Stay informed of any changes for a specific CPE.
Notifications manage

CPE Name: cpe:2.3:a:oracle:siebel_core_-_server_framework:21.5:*:*:*:*:*:*:*

Informations

Vendor

oracle

Product

siebel_core_-_server_framework

Version

21.5

Related CVE

Open and find in CVE List

CVE ID Published Description Score Severity
CVE-2021-2353 2021-07-20 20h43 +00:00 Vulnerability in the Siebel Core - Server Framework product of Oracle Siebel CRM (component: Loging). Supported versions that are affected are 21.5 and Prior. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Siebel Core - Server Framework executes to compromise Siebel Core - Server Framework. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Siebel Core - Server Framework accessible data. CVSS 3.1 Base Score 4.4 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N).
4.4
Medium
CVE-2020-24750 2020-09-17 16h39 +00:00 FasterXML jackson-databind 2.x before 2.9.10.6 mishandles the interaction between serialization gadgets and typing, related to com.pastdev.httpcomponents.configuration.JndiConfiguration.
8.1
High
CVE-2019-0201 2019-05-23 11h42 +00:00 An issue is present in Apache ZooKeeper 1.0.0 to 3.4.13 and 3.5.0-alpha to 3.5.4-beta. ZooKeeper’s getACL() command doesn’t check any permission when retrieves the ACLs of the requested node and returns all information contained in the ACL Id field as plaintext string. DigestAuthenticationProvider overloads the Id field with the hash value that is used for user authentication. As a consequence, if Digest Authentication is in use, the unsalted hash value will be disclosed by getACL() request for unauthenticated or unprivileged users.
5.9
Medium