CVE-2016-5560

MEDIUM

Oracle Siebel CRM 16.1 - Authenticated Improper Access Control in OpenUI

Title source: llm
STIX 2.1

Description

Unspecified vulnerability in the Siebel UI Framework component in Oracle Siebel CRM 16.1 allows remote authenticated users to affect confidentiality and integrity via vectors related to OpenUI.

References (2)

Core 2
Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/93760

Scores

CVSS v3 5.4
EPSS 0.0090
EPSS Percentile 55.2%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact partial

Details

CWE
CWE-284
Status published
Products (1)
oracle/siebel_customer_order_management 16.1
Published Oct 25, 2016
Tracked Since Feb 18, 2026