Impact
An unauthenticated attacker can exploit a flaw in the Siebel Apps - Marketing component of Oracle Siebel CRM, involving CWE‑284 (Improper Access Control), to execute arbitrary code and take full control of the application. The vulnerability results in complete loss of confidentiality, integrity, and availability, with a CVSS 3.1 base score of 9.8 indicating Critical severity.
Affected Systems
Oracle Corporation’s Siebel Apps - Marketing, versions 17.0 through 26.5, are affected. No other products or versions are listed as vulnerable.
Risk and Exploitability
The low EPSS score (< 1%) suggests that exploitation attempts are currently rare, but the high CVSS score and the ability to achieve takeover without authentication make this a severe danger. The attack vector is inferred to be a network‑based HTTP request, and the vulnerability grants control over the target system without any user interaction.
OpenCVE Enrichment