Vulnerability Details : CVE-2014-4250
Unspecified vulnerability in the Siebel Core - Server OM Frwks component in Oracle Siebel CRM 8.1.1 and 8.2.2 allows remote authenticated users to affect confidentiality via unknown vectors related to Object Manager.
Exploit prediction scoring system (EPSS) score for CVE-2014-4250
Probability of exploitation activity in the next 30 days: 0.29%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ 68 % EPSS Score History EPSS FAQ
CVSS scores for CVE-2014-4250
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
---|---|---|---|---|---|
3.5
|
LOW | AV:N/AC:M/Au:S/C:P/I:N/A:N |
6.8
|
2.9
|
NIST |
References for CVE-2014-4250
-
http://www.securityfocus.com/bid/68630
Oracle Siebel Core - Server OM Frwks CVE-2014-4250 Remote Security Vulnerability
-
http://www.vmware.com/security/advisories/VMSA-2014-0012.html
VMSA-2014-0012.1
-
http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html
Oracle Critical Patch Update - July 2014Vendor Advisory
-
http://seclists.org/fulldisclosure/2014/Dec/23
Full Disclosure: NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities
-
http://www.securityfocus.com/archive/1/534161/100/0/threaded
SecurityFocus
-
http://www.securitytracker.com/id/1030585
Oracle Siebel CRM Flaws Let Remote/Local Users Partially Access Data and Remote Users Partially Modify Data - SecurityTracker
-
https://exchange.xforce.ibmcloud.com/vulnerabilities/94586
Oracle Siebel Core - Server OM Frwks Object Manager information disclosure CVE-2014-4250 Vulnerability Report
Products affected by CVE-2014-4250
- cpe:2.3:a:oracle:siebel_crm:8.1.1:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:siebel_crm:8.2.2:*:*:*:*:*:*:*