My Oracle Support Banner

Oracle Critical Patch Update (CPU) April 2020 for Core Siebel CRM (Doc ID 2659025.1)

Last updated on APRIL 14, 2020

Applies to:

Support Tools > My Oracle Support > My Oracle Support
Information in this document applies to any platform.

Purpose

Oracle provides Critical Patch Updates (CPU) to its customers to fix security vulnerabilities. This document defines and identifies the Core Siebel CRM patches and minimum releases that are required for the Oracle products to address the security vulnerabilities announced in the Advisory for April 2020.

Scope

April 2020 Critical Patch Update for Siebel Core CRM applications contains patches for the following security issues:

CVE-2020-2738 Vulnerability in the Siebel UI Framework product of Oracle Siebel CRM (component: EAI, SWSE). Supported versions that are affected are 20.2 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Siebel UI Framework. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Siebel UI Framework accessible data. CVSS v3.0 Base Score 4.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N). (legend) [Advisory]

 

Details

To view full details, sign in with your My Oracle Support account.

Don't have a My Oracle Support account? Click to get started!


My Oracle Support provides customers with access to over a million knowledge articles and a vibrant support community of peers and Oracle experts.