Description
Vulnerability in the Siebel Apps - Marketing product of Oracle Siebel CRM (component: Marketing). Supported versions that are affected are 17.0-26.5. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Siebel Apps - Marketing. Successful attacks of this vulnerability can result in takeover of Siebel Apps - Marketing. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).
Published: 2026-06-16
Score: 9.8 Critical
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

An unauthenticated attacker can exploit a flaw in the Siebel Apps - Marketing component of Oracle Siebel CRM to execute arbitrary code and take full control of the application. The vulnerability results in complete loss of confidentiality, integrity, and availability, with a CVSS 3.1 base score of 9.8 indicating Critical severity.

Affected Systems

Oracle Corporation’s Siebel Apps - Marketing, versions 17.0 through 26.5, are affected. No other products or versions are listed as vulnerable.

Risk and Exploitability

The low EPSS score (< 1%) suggests that exploitation attempts are currently rare, but the high CVSS score and the ability to achieve takeover without authentication make this a severe danger. The attack vector is inferred to be a network‑based HTTP request, and the vulnerability grants control over the target system without any user interaction.

Generated by OpenCVE AI on June 17, 2026 at 19:13 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the latest Oracle security patch for Siebel Apps - Marketing that removes or mitigates the unauthenticated execution flaw
  • Restrict HTTP access to the Siebel Apps - Marketing server to trusted IP addresses or a secure VPN before patches can be applied
  • Disable or isolate the Marketing component if it is not required for business operations, until a patch is available

Generated by OpenCVE AI on June 17, 2026 at 19:13 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Tue, 16 Jun 2026 20:45:00 +0000

Type Values Removed Values Added
Description Vulnerability in the Siebel Apps - Marketing product of Oracle Siebel CRM (component: Marketing). Supported versions that are affected are 17.0-26.5. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Siebel Apps - Marketing. Successful attacks of this vulnerability can result in takeover of Siebel Apps - Marketing. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).
First Time appeared Oracle
Oracle siebel Apps - Marketing
CPEs cpe:2.3:a:oracle:siebel_apps_-_marketing:*:*:*:*:*:*:*:*
Vendors & Products Oracle
Oracle siebel Apps - Marketing
References
Metrics cvssV3_1

{'score': 9.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H'}

Subscriptions

Oracle Siebel Apps - Marketing
cve-icon MITRE

Status: PUBLISHED

Assigner: oracle

Published:

Updated: 2026-06-17T15:42:12.604Z

Reserved: 2026-05-18T15:55:10.309Z

Link: CVE-2026-46884

cve-icon Vulnrichment

No data.

cve-icon NVD

No data.

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-06-17T01:00:15Z

Weaknesses

No weakness.