Securing business data

Blog

View some of the latest blog posts from our Cyber Security experts...

CNS Advisory - Oracle Seibel Suite unauthenticated access

In January 2011 Convergent Network Solutions consultant Thomas Liam Romanis released two advisories to Oracle regarding the Oracle Siebel Suite. It turns out that Oracle were already aware of these issues and had released patches for them in October 2010. The information released by Oracle for both issues contained very little information.
 As Oracle Siebel Suite clients have had a significant period of time to implement patches CNS decided to release information regarding a Cross Site Scripting issue in April 2011 (with agreement from Oracle). This blog post concerns the second, more serious, HIGH impact issue identified.

A Convergent Network Solutions Ltd Advisory.
Author: Thomas Liam Romanis
Discovery: Thomas Liam Romanis
Confirmation: John Anderson
Product: Oracle Siebel
Version: 7.7.2.12, 7.8.2.14, 8.0.0.10, and 8.1.1.3
Type: Unauthorized Access
Impact: HIGH
CVE: CVE-2010-3502

Summary: It was possible to gain access to the application without having to provide authentication credentials by sending a specially crafted request.

Details: It was discovered that by sending requests using the 'GetCachedFrame' SWE Command that unauthenticated access could be gained to the application. The 'GetCachedFrame' SWE Command was exposed by tracing through the requests and responses as part of the login process and also from java script files that can be accessed without authentication.

Exploit: In order to exploit this issue an attacker would submit an invalid logon request and step through the various requests submitted until a request for a URL similar to the one below is observed. This request would then be copied and submitted in isolation in order to achieve unauthorized access to the application without providing any ID and Authentication credentials.


Impact: An attacker could gain unauthorized access to the application and execute sql queries to extract data from the database. 

Notes: It appears that the application is only compatible with older versions of Microsoft Internet Explorer such as version 6.

Remediation: It is recommended that appropriate patches are applied. Please see the link bellow:

Join our mailing list to ensure you keep up with all of the latest in Cyber Security.

call us

Get in touch

Talk to our experts today +44 (0) 20 7592 8800

Send us a message

We'll get back to you Send us a message

Connect with us

See what we're saying elsewhere