PatchSiren cyber security CVE debrief
CVE-2017-3330 Oracle CVE debrief
CVE-2017-3330 affects Oracle Siebel UI Framework (Open UI) version 16.1. NVD rates it high severity with network reachability, low privileges, and required user interaction, and the listed impact is strongest on confidentiality and integrity. Oracle’s January 2017 CPU is cited as the vendor patch reference in the supplied sources.
- Vendor: Oracle
- Product: CVE-2017-3330
- CVSS: HIGH 7.6
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2017-01-27
- Original CVE updated: 2026-05-13
- Advisory published: 2017-01-27
- Advisory updated: 2026-05-13
Who should care
Oracle Siebel CRM administrators, application owners, IAM/security teams, and any organization exposing Siebel UI Framework 16.1 to user traffic over HTTP should treat this as important. Business units handling sensitive CRM data should also care because the published impacts include unauthorized access to critical data and modification of accessible data.
Technical summary
The supplied NVD data identifies a vulnerability in cpe:2.3:a:oracle:siebel_ui_framework:16.1. The CVSS v3.0 vector is AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:N, indicating a remotely reachable issue that requires low privileges and human interaction, and can affect confidentiality and integrity across scope. NVD assigns NVD-CWE-noinfo, so the root cause is not specified in the supplied record.
Defensive priority
High. The combination of remote exposure, low-privilege access, required user interaction, and the possibility of unauthorized data access or data changes makes this a priority for Oracle Siebel environments.
Recommended defensive actions
- Verify whether Oracle Siebel UI Framework/Open UI 16.1 is deployed in your environment.
- Review Oracle's January 2017 CPU referenced in the NVD record and apply the relevant vendor remediation.
- Limit exposure of Siebel UI endpoints to trusted networks and authenticated users only.
- Reduce attack surface by enforcing least privilege for accounts that can reach Siebel UI functionality.
- Monitor for unusual authentication, session, and data-access activity around Siebel UI Framework.
- Validate that any compensating controls still protect against user-interaction-dependent web attacks.
Evidence notes
All substantive claims here are drawn from the supplied NVD/CVE record and its listed references. The record states affected version 16.1, remote HTTP reachability, low-privileged attacker conditions, required human interaction, and confidentiality/integrity impact. The supplied source also lists Oracle's January 2017 CPU advisory as the patch/vendor reference. No exploit mechanics or root-cause detail beyond 'NVD-CWE-noinfo' are included in the source corpus.
Official resources
- CVE-2017-3330 CVE record (CVE.org)
- CVE-2017-3330 NVD detail (NVD)
- Source item URL (nvd_modified)
- Mitigation or vendor reference: [email protected] - Patch, Vendor Advisory
- Source reference
CVE-2017-3330 was published on 2017-01-27. The supplied NVD record was last modified on 2026-05-13, and Oracle's January 2017 CPU is listed as the vendor patch reference.