Impact
This vulnerability enables a low‑privileged attacker who can reach the Siebel CRM Integration component over HTTP to fully compromise the system, thereby gaining uncontrolled access to the application, data, and services it manages. The CVSS vector indicates network‑based exploitation with low attack complexity and no user interaction, resulting in confidentiality, integrity, and availability impacts. Successful exploitation effectively transfers ownership of the integration component to the attacker.
Affected Systems
Oracle Corporation’s Siebel CRM Integration (EAI component) versions 17.0 through 26.5 are affected. Affected hosts are those exposing the HTTP interface of the integration service.
Risk and Exploitability
The vulnerability carries a CVSS base score of 8.8, indicating high severity. EPSS is reported as less than 1 %, a very low exploitation probability, and it is not listed in CISA’s KEV catalog. Nevertheless, because the attacker only needs network access and low privileges, the potential for a fast, automated compromise remains considerable. The likely attack vector is an unauthenticated or minimally authenticated HTTP request that leverages a defect in the integration’s access control or input handling logic to gain administrative control of the component.
OpenCVE Enrichment