Oracle's April 2013 quarterly critical update contains eight (8) new security patches for Oracle Siebel CRM versions 8.1.1, and 8.2.2. One (1) of the bugs can be remotely exploitable without authentication (that is, may be accessed over a network without requiring a user name or password). This particular vulnerability has been given a CVSS base score of 6.0.
How seriousness a threat this might turn out to be is measured according to the Common Vulnerability Scoring System (CVSS-SIG). Information about Oracle's own flavor of CVSS-SIG can found in the Use of Common Vulnerability Scoring System section of its website.
The modules where bugs are fixed include:
- Siebel Call Center
- Siebel Enterprise Application Integration
- Siebel UI Framework