Description
Vulnerability in the Siebel Apps - Marketing product of Oracle Siebel CRM (component: Marketing). Supported versions that are affected are 17.0-26.5. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Siebel Apps - Marketing. Successful attacks of this vulnerability can result in takeover of Siebel Apps - Marketing. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).
Published: 2026-06-16
Score: 9.8 Critical
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The flaw is located in the Marketing component of Oracle Siebel Apps. An attacker who does not possess credentials can interact with the application over HTTP and exploit the vulnerability, causing a full takeover of the Siebel Marketing instance. Because the attack bypasses authentication and is delivered over a standard network protocol, once the flaw is triggered the attacker gains control over the application’s confidentiality, integrity, and availability. The CVSS vector indicates a low attack complexity and no user interaction, underscoring the severity of the impact.

Affected Systems

Oracle Corporation’s Siebel Apps – Marketing product is affected in all supported versions from 17.0 through 26.5. The vulnerability applies to any deployment of these releases that is exposed to HTTP traffic.

Risk and Exploitability

The vulnerability has a CVSS 3.1 base score of 9.8, reflecting a critical security risk. The EPSS score is reported as less than 1%, indicating a low estimated likelihood of exploitation in the near term, but this does not diminish the potential damage should an attacker reach the target. The flaw is not listed in the CISA Known Exploited Vulnerabilities catalog, but attackers could still leverage exploit code, should it become publicly available, once an exposed environment is identified. Exploitation requires only unauthenticated access via HTTP, making the barrier for an attacker minimal.

Generated by OpenCVE AI on June 17, 2026 at 20:55 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the latest patch or upgrade Siebel Apps – Marketing beyond version 26.5.
  • Restrict public network access to the Marketing instance by configuring firewalls or network ACLs to allow traffic only from trusted hosts.
  • Configure Siebel Marketing to require authentication and use HTTPS so that no unauthenticated HTTP endpoints are exposed.



Advisories

No advisories yet.

History

Tue, 16 Jun 2026 20:45:00 +0000

Type | Values Removed | Values Added
Description | | Vulnerability in the Siebel Apps - Marketing product of Oracle Siebel CRM (component: Marketing). Supported versions that are affected are 17.0-26.5. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Siebel Apps - Marketing. Successful attacks of this vulnerability can result in takeover of Siebel Apps - Marketing. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).
First Time appeared | | Oracle; Oracle siebel Apps - Marketing
CPEs | | cpe:2.3:a:oracle:siebel_apps_-_marketing:*:*:*:*:*:*:*:*
Vendors & Products | | Oracle; Oracle siebel Apps - Marketing
References | |
Metrics | | cvssV3_1: {'score': 9.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H'}


MITRE

Status: PUBLISHED

Assigner: oracle

Published:

Updated: 2026-06-16T19:27:43.726Z

Reserved: 2026-05-18T15:55:10.309Z

Link: CVE-2026-46889

Vulnrichment

No data.

NVD

No data.

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-06-17T00:45:04Z

Weaknesses

No weakness.