Description
Vulnerability in the Siebel Apps - Marketing product of Oracle Siebel CRM (component: Marketing). Supported versions that are affected are 17.0-26.5. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Siebel Apps - Marketing. Successful attacks of this vulnerability can result in takeover of Siebel Apps - Marketing. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).
Published: 2026-06-16
Score: 9.8 Critical
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

An unauthenticated attacker can exploit a flaw in the Siebel Apps - Marketing component of Oracle Siebel CRM, involving CWE‑284 (Improper Access Control), to execute arbitrary code and take full control of the application. The vulnerability results in complete loss of confidentiality, integrity, and availability, with a CVSS 3.1 base score of 9.8 indicating Critical severity.

Affected Systems

Oracle Corporation’s Siebel Apps - Marketing, versions 17.0 through 26.5, are affected. No other products or versions are listed as vulnerable.

Risk and Exploitability

The low EPSS score (< 1%) suggests that exploitation attempts are currently rare, but the high CVSS score and the ability to achieve takeover without authentication make this a severe danger. The attack vector is inferred to be a network‑based HTTP request, and the vulnerability grants control over the target system without any user interaction.

Generated by OpenCVE AI on June 18, 2026 at 23:42 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the latest Oracle security patch for Siebel Apps - Marketing that removes or mitigates the unauthenticated execution flaw
  • Restrict HTTP access to the Siebel Apps - Marketing server to trusted IP addresses or a secure VPN before patches can be applied
  • Disable or isolate the Marketing component if it is not required for business operations, until a patch is available

Generated by OpenCVE AI on June 18, 2026 at 23:42 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Fri, 19 Jun 2026 00:00:00 +0000

Type Values Removed Values Added
Title Unauthenticated HTTP Attack Allows Full Compromise of Oracle Siebel Marketing

Thu, 18 Jun 2026 22:15:00 +0000

Type Values Removed Values Added
Title Unauthenticated Remote Code Execution in Oracle Siebel Apps Marketing
Weaknesses CWE-94

Thu, 18 Jun 2026 04:45:00 +0000

Type Values Removed Values Added
Title Unauthenticated Remote Code Execution in Oracle Siebel Apps Marketing
Weaknesses CWE-284
CWE-94
Metrics ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Tue, 16 Jun 2026 20:45:00 +0000

Type Values Removed Values Added
Description Vulnerability in the Siebel Apps - Marketing product of Oracle Siebel CRM (component: Marketing). Supported versions that are affected are 17.0-26.5. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Siebel Apps - Marketing. Successful attacks of this vulnerability can result in takeover of Siebel Apps - Marketing. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).
First Time appeared Oracle
Oracle siebel Apps - Marketing
CPEs cpe:2.3:a:oracle:siebel_apps_-_marketing:*:*:*:*:*:*:*:*
Vendors & Products Oracle
Oracle siebel Apps - Marketing
References
Metrics cvssV3_1

{'score': 9.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H'}


Subscriptions

Oracle Siebel Apps - Marketing
cve-icon MITRE

Status: PUBLISHED

Assigner: oracle

Published:

Updated: 2026-06-18T03:56:57.782Z

Reserved: 2026-05-18T15:55:10.309Z

Link: CVE-2026-46884

cve-icon Vulnrichment

Updated: 2026-06-17T15:41:41.568Z

cve-icon NVD

No data.

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-06-18T23:45:16Z

Weaknesses