
Purpose

This document contains the January Critical Patch Update patch availability information for Oracle Siebel CRM.

Scope

This Critical Patch Update knowledge document applies to the following versions of Siebel CRM.
The tables and documentation below list the patches needed for the products noted above to address identified security vulnerabilities and provide information on
downloading and applying the recommended patches.

Patch Availability Documentation
Details of January 2014 Critical Patch Update patches for Oracle Siebel CRM are as follows:
Customers using the following Oracle Siebel CRM versions are supported for January 2014 Critical Patch Update and should apply the applicable patches listed in
this document:
Release 8.1.1
Release 8.2.2
January 2014 Critical Patch Update - Patch availability information for Siebel Core CRM Application
The January 2014 Critical Patch Update contains patches for the following security issues:
CVE-2014-0369 Vulnerability in the Siebel Core - EAI component of Oracle Siebel CRM (subcomponent: Java Integration). Supported versions that are
affected are 8.1.1 and 8.2.2. Easily exploitable vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this
vulnerability can result in unauthorized read access to a subset of Siebel Core - EAI accessible data. CVSS Base Score 5.0 (Confidentiality impacts).
CVSS V2 Vector: (AV:N/AC:L/Au:N/C:P/I:N/A:N). (legend) [Advisory]

CVE-2014-0370 Vulnerability in the Siebel Life Sciences component of Oracle Siebel CRM (subcomponent: Clinical Trip Report). Supported versions that
are affected are 8.1.1 and 8.2.2. Difficult to exploit vulnerability allows successful network attacks via HTTP, requiring multiple authentications. Successful
attack of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Siebel Life Sciences. CVSS Base Score 2.8
(Availability impacts). CVSS V2 Vector: (AV:N/AC:M/Au:M/C:N/I:N/A:P). (legend) [Advisory]





Oracle Siebel Core CRM Risk Matrix

CVSS VERSION 2.0 RISK (see Risk Matrix Definitions) covers the columns Base Score through Availability.

| CVE# | Component | Protocol | Sub-component | Remote Exploit without Auth.? | Base Score | Access Vector | Access Complexity | Authentication | Confidentiality | Integrity | Availability | Supported Versions Affected | Notes |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| CVE-2014-0369 | Siebel Core - EAI | HTTP | Java Integration | Yes | 5.0 | Network | Low | None | Partial | None | None | 8.1.1, 8.2.2 | |
| CVE-2014-0370 | Siebel Life Sciences | HTTP | Clinical Trip Report | No | 2.8 | Network | Medium | Multiple | None | None | Partial | 8.1.1, 8.2.2 | |
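
The CVSS V2 vectors and base scores listed for the two CVEs can be checked against each other. The following is an added example, not part of Oracle's document: it decodes each vector into the risk matrix column labels and recomputes the base score with the public CVSS v2 base equations. The function names are hypothetical, and the rule used for the "Remote Exploit without Auth.?" column is an assumption that matches both rows on this page.

```python
from decimal import Decimal, ROUND_HALF_UP

# CVSS v2 base metric weights, paired with the labels the risk matrix uses.
_CIA = {"N": (0.0, "None"), "P": (0.275, "Partial"), "C": (0.660, "Complete")}
WEIGHTS = {
    "AV": {"L": (0.395, "Local"), "A": (0.646, "Adjacent Network"), "N": (1.0, "Network")},
    "AC": {"H": (0.35, "High"), "M": (0.61, "Medium"), "L": (0.71, "Low")},
    "Au": {"M": (0.45, "Multiple"), "S": (0.56, "Single"), "N": (0.704, "None")},
    "C": _CIA, "I": _CIA, "A": _CIA,
}

def parse_vector(vector):
    """Split '(AV:N/AC:L/Au:N/C:P/I:N/A:N)' into {metric: value}."""
    parts = dict(p.split(":") for p in vector.strip("() ").split("/"))
    if list(parts) != list(WEIGHTS) or any(v not in WEIGHTS[k] for k, v in parts.items()):
        raise ValueError(f"not a CVSS v2 base vector: {vector!r}")
    return parts

def base_score(vector):
    """Recompute the CVSS v2 base score from the vector string."""
    w = {k: WEIGHTS[k][v][0] for k, v in parse_vector(vector).items()}
    impact = 10.41 * (1 - (1 - w["C"]) * (1 - w["I"]) * (1 - w["A"]))
    exploitability = 20 * w["AV"] * w["AC"] * w["Au"]
    f_impact = 0 if impact == 0 else 1.176
    raw = (0.6 * impact + 0.4 * exploitability - 1.5) * f_impact
    # Round half-up to one decimal; Python's round() rounds halves to even.
    return float(Decimal(repr(raw)).quantize(Decimal("0.1"), ROUND_HALF_UP))

def matrix_row(vector):
    """Decode a vector into the risk matrix column labels plus the score."""
    m = parse_vector(vector)
    row = {k: WEIGHTS[k][v][1] for k, v in m.items()}
    row["Base Score"] = base_score(vector)
    # Assumption: the "Remote Exploit without Auth.?" column means AV:N with Au:N.
    row["Remote Exploit without Auth."] = m["AV"] == "N" and m["Au"] == "N"
    return row

# Vectors and published scores copied from the two CVE entries on this page.
PUBLISHED = {
    "CVE-2014-0369": ("(AV:N/AC:L/Au:N/C:P/I:N/A:N)", 5.0),
    "CVE-2014-0370": ("(AV:N/AC:M/Au:M/C:N/I:N/A:P)", 2.8),
}

if __name__ == "__main__":
    for cve, (vector, published) in PUBLISHED.items():
        row = matrix_row(vector)
        status = "matches" if row["Base Score"] == published else "MISMATCH"
        print(cve, row, f"published {published}: {status}")
```

A recomputed score that differs from the published one points to a transcription error in either the vector or the score, which is worth catching before the values are used to prioritise patching.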


Patch Availability for Oracle Siebel Core CRM (version 8.1.1, 8.2.2)

| FP Release | Resolution (Fix Pack #) |
|---|---|
| 8.1.1 | 8.1.1.11.3 |
| 8.2.2 | 8.2.2.4.3 |

Note: Some patches may require a password for download. Please contact Oracle Support for that information.
Please read the appropriate readme documentation and apply the recommended patches accordingly.

Links:
My Oracle Support - http://support.oracle.com
Risk Matrix Glossary - http://www.oracle.com/technetwork/topics/security/advisorymatrixglossary-101807.html
Legend - http://nvd.nist.gov/cvss.cfm?vectorinfo&version=2
Advisory - http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html
