Description
Vulnerability in the Siebel Apps - Marketing product of Oracle Siebel CRM (component: Marketing). Supported versions that are affected are 17.0-26.5. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Siebel Apps - Marketing. Successful attacks of this vulnerability can result in takeover of Siebel Apps - Marketing. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).
Published: 2026-06-16
Score: 9.8 Critical
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

This vulnerability in Oracle Siebel Apps – Marketing allows an attacker who is unauthenticated but has network access via HTTP to take control of the application. The issue results in full compromise with confidentiality, integrity, and availability all affected, as a successful exploit can take over the service. The weakness is a lack of proper access control and authentication enforcement.

Affected Systems

Oracle Corporation’s Siebel Apps – Marketing, versions 17.0 through 26.5, are impacted. No specific sub‑versions are noted beyond the range, so any build within this span is potentially vulnerable.

Risk and Exploitability

The CVSS score of 9.8 indicates critical severity, and the EPSS score shows a very low yet non‑zero probability of exploitation. The vulnerability is not listed in CISA’s KEV catalog, suggesting no known widespread exploitation yet. However, because the attack vector is over a publicly reachable HTTP interface with no authentication required, the risk of exploitation remains high, especially for exposed deployments.

Generated by OpenCVE AI on June 17, 2026 at 19:11 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update Siebel Apps – Marketing to the latest patched version (at least 26.5) from Oracle.
  • Restrict inbound HTTP access to the application by implementing firewalls or VLAN segmentation to limit exposure to trusted hosts.
  • Enable network monitoring and log analysis to detect suspicious HTTP activity targeting the Marketing component.



Advisories

No advisories yet.

History

Tue, 16 Jun 2026 20:45:00 +0000

Values Removed: (none listed)
Values Added:
  Description: Vulnerability in the Siebel Apps - Marketing product of Oracle Siebel CRM (component: Marketing). Supported versions that are affected are 17.0-26.5. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Siebel Apps - Marketing. Successful attacks of this vulnerability can result in takeover of Siebel Apps - Marketing. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).
  First Time appeared: Oracle; Oracle siebel Apps - Marketing
  CPEs: cpe:2.3:a:oracle:siebel_apps_-_marketing:*:*:*:*:*:*:*:*
  Vendors & Products: Oracle; Oracle siebel Apps - Marketing
  References:
  Metrics: cvssV3_1 {'score': 9.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H'}


MITRE

Status: PUBLISHED

Assigner: oracle

Published:

Updated: 2026-06-16T19:27:43.101Z

Reserved: 2026-05-18T15:55:10.309Z

Link: CVE-2026-46887

Vulnrichment

No data.

NVD

No data.

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-06-17T00:45:04Z

Weaknesses

No weakness.