Description
Vulnerability in the Siebel Apps - Marketing product of Oracle Siebel CRM (component: Marketing). Supported versions that are affected are 17.0-26.5. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Siebel Apps - Marketing. Successful attacks of this vulnerability can result in takeover of Siebel Apps - Marketing. CVSS 3.1 Base Score 8.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H).
Published: 2026-06-16
Score: 8.8 High
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

A vulnerability in Oracle Siebel CRM’s Siebel Apps – Marketing component permits an attacker with low privileges who can reach the system over HTTP to compromise the application. The flaw can lead to a full takeover, affecting confidentiality, integrity, and availability of the CRM data. The vulnerability is formally rated with a CVSS 3.1 base score of 8.8 and exploits a weakness that allows bypassing normal access controls, aligning with CWE‑284.

Affected Systems

The affected product is Oracle’s Siebel Apps – Marketing, supported versions 17.0 through 26.5. Systems running any of these releases and exposed to HTTP traffic on the network are susceptible. No other vendors or products are listed as impacted.

Risk and Exploitability

The CVSS score indicates high severity. The EPSS score of less than 1% suggests that exploitation is currently rare, and the vulnerability is not listed in KEV, but an attacker could still gain complete control of the application if the vulnerability is discovered and exploited. The attack vector is inferred to be remote over HTTP, requiring only network access and a low level of privileges. An attacker could exploit the flaw by sending specially crafted requests to the Marketing component and bypass authentication to execute arbitrary code or obtain full administrative rights.

Generated by OpenCVE AI on June 17, 2026 at 19:12 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Check whether an Oracle patch or update for Siebel Apps – Marketing versions 17.0 to 26.5 is available and, if so, apply it immediately.
  • Configure the network firewall or access control list to restrict HTTP traffic to the Siebel Apps – Marketing endpoint to only trusted IP ranges or VPN connections.
  • Deploy network segmentation and monitor application logs for anomalous HTTP requests that may indicate exploitation attempts.

Advisories

No advisories yet.

History

Tue, 16 Jun 2026 20:45:00 +0000

| Type | Values Removed | Values Added |
| --- | --- | --- |
| Description | | Vulnerability in the Siebel Apps - Marketing product of Oracle Siebel CRM (component: Marketing). Supported versions that are affected are 17.0-26.5. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Siebel Apps - Marketing. Successful attacks of this vulnerability can result in takeover of Siebel Apps - Marketing. CVSS 3.1 Base Score 8.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H). |
| First Time appeared | | Oracle; Oracle siebel Apps - Marketing |
| CPEs | | cpe:2.3:a:oracle:siebel_apps_-_marketing:*:*:*:*:*:*:*:* |
| Vendors & Products | | Oracle; Oracle siebel Apps - Marketing |
| References | | |
| Metrics | | cvssV3_1 {'score': 8.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H'} |


MITRE

Status: PUBLISHED

Assigner: oracle

Published:

Updated: 2026-06-17T15:44:13.138Z

Reserved: 2026-05-18T15:55:10.309Z

Link: CVE-2026-46886

Vulnrichment

No data.

NVD

No data.

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-06-17T00:45:04Z

Weaknesses

No weakness.