CVE-2017-10264
MEDIUMOracle Siebel UI Framework 16.0-17.0 - Unauthenticated Partial Denial of Service via HTTP
Title source: llmDescription
Vulnerability in the Siebel UI Framework component of Oracle Siebel CRM (subcomponent: UIF Open UI). Supported versions that are affected are 16.0 and 17.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Siebel UI Framework. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Siebel UI Framework. CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).
References (2)
Core 2
Core References
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/101411
Patch, Vendor Advisory x_refsource_confirm
http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html
Scores
CVSS v3
5.3
EPSS
0.0147
EPSS Percentile
81.2%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
yes
Technical Impact
partial
Details
Status
published
Products (4)
oracle/siebel_ui_framework
16.0
oracle/siebel_ui_framework
17.0
Oracle Corporation/Siebel UI Framework
16.0
Oracle Corporation/Siebel UI Framework
17.0
Published
Oct 19, 2017
Tracked Since
Feb 18, 2026