17 Oct 2012
Oracle Siebel CRM 8.x
Exposure of sensitive information
Vulnerabilities where documents or credentials are leaked or can be revealed, either locally or remotely.
Two vulnerabilities have been reported in Oracle Siebel CRM, which can be exploited by malicious users and malicious people to disclose certain sensitive information.
1) An error within the Portal Framework sub-component of the Siebel UI Framework can be exploited to read certain Siebel UI Framework accessible data.
2) An error within the Siebel Documentation sub-component of the Siebel UI Framework can be exploited to read certain Siebel UI Framework accessible data.
The vulnerabilities are reported in version 8.1.1.
Apply updates (please see the vendor's advisory for details).
It is currently unclear who reported the vulnerabilities as the Oracle Critical Patch Update for October 2012 only provides a bundled list of credits. This section will be updated when/if the original reporters provide more information.