Vulnerability Details : CVE-2014-2485
Unspecified vulnerability in the Siebel Core - EAI component in Oracle Siebel CRM 8.1.1 and 8.2.2 allows local users to affect confidentiality via unknown vectors related to Integration Business Services.
Exploit prediction scoring system (EPSS) score for CVE-2014-2485
Probability of exploitation activity in the next 30 days: 0.06%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ 23 % EPSS Score History EPSS FAQ
CVSS scores for CVE-2014-2485
| Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
|---|---|---|---|---|---|
|
1.4
|
LOW | AV:L/AC:L/Au:M/C:P/I:N/A:N |
2.5
|
2.9
|
NIST |
References for CVE-2014-2485
-
http://www.vmware.com/security/advisories/VMSA-2014-0012.html
VMSA-2014-0012.1
-
http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html
Oracle Critical Patch Update - July 2014Vendor Advisory
-
http://seclists.org/fulldisclosure/2014/Dec/23
Full Disclosure: NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities
-
http://www.securityfocus.com/archive/1/534161/100/0/threaded
SecurityFocus
-
http://www.securitytracker.com/id/1030585
Oracle Siebel CRM Flaws Let Remote/Local Users Partially Access Data and Remote Users Partially Modify Data - SecurityTracker
Products affected by CVE-2014-2485
- cpe:2.3:a:oracle:siebel_crm:8.1.1:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:siebel_crm:8.2.2:*:*:*:*:*:*:*