Description
Vulnerability in the Siebel CRM Cloud Applications product of Oracle Siebel CRM (component: Siebel Cloud Manager). Supported versions that are affected are 17.0-26.5. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise Siebel CRM Cloud Applications. Successful attacks of this vulnerability can result in takeover of Siebel CRM Cloud Applications. CVSS 3.1 Base Score 8.1 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H).
Published: 2026-06-16
Score: 8.1 High
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The flaw lies in the Siebel Cloud Manager component of Oracle Siebel CRM Cloud Applications. An unauthenticated attacker who can reach the system via HTTP can bypass authentication and fully compromise the application. The vulnerability can lead to loss of confidentiality, integrity and availability, effectively allowing the attacker to take over the application. This impact is inferred directly from the CVE description and the stated valid impact type in the CVSS vector.

Affected Systems

Oracle Corporation’s Siebel CRM Cloud Applications versions 17.0 through 26.5 are impacted. The affected component, Siebel Cloud Manager, is present in all deployments of this product.

Risk and Exploitability

The CVSS score of 8.1 marks high severity. EPSS < 1% suggests the exploit of this vulnerability is currently infrequent, and it is not listed in the CISA KEV catalog. Exploitation is possible simply by connecting to the exposed HTTP interface; no authentication, privilege escalation or user interaction is required, indicating a path to complete takeover of the application as described.

Generated by OpenCVE AI on June 18, 2026 at 23:54 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the latest Oracle patch or upgrade to a version that fixes the described flaw, as outlined in Oracle’s security advisory.
  • Restrict inbound HTTP access to the Siebel Cloud Manager to a trusted IP whitelist or through a VPN, and enforce network segmentation to limit exposure.
  • Monitor application and network logs for abnormal authentication or application behavior, and set alerts for potential takeover attempts.

Generated by OpenCVE AI on June 18, 2026 at 23:54 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Fri, 19 Jun 2026 00:15:00 +0000

Type Values Removed Values Added
Title Unauthenticated HTTP Authorization Bypass Allowing Full Compromise of Siebel CRM Cloud Applications

Thu, 18 Jun 2026 22:30:00 +0000

Type Values Removed Values Added
Title Unauthenticated HTTP Attack Enables Full Compromise of Oracle Siebel CRM Cloud Applications
Weaknesses CWE-287

Thu, 18 Jun 2026 04:45:00 +0000

Type Values Removed Values Added
Title Unauthenticated HTTP Attack Enables Full Compromise of Oracle Siebel CRM Cloud Applications
Weaknesses CWE-284
CWE-287
CWE-306
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Tue, 16 Jun 2026 20:45:00 +0000

Type Values Removed Values Added
Description Vulnerability in the Siebel CRM Cloud Applications product of Oracle Siebel CRM (component: Siebel Cloud Manager). Supported versions that are affected are 17.0-26.5. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise Siebel CRM Cloud Applications. Successful attacks of this vulnerability can result in takeover of Siebel CRM Cloud Applications. CVSS 3.1 Base Score 8.1 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H).
First Time appeared Oracle
Oracle siebel Crm Cloud Applications
CPEs cpe:2.3:a:oracle:siebel_crm_cloud_applications:*:*:*:*:*:*:*:*
Vendors & Products Oracle
Oracle siebel Crm Cloud Applications
References
Metrics cvssV3_1

{'score': 8.1, 'vector': 'CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H'}


Subscriptions

Oracle Siebel Crm Cloud Applications
cve-icon MITRE

Status: PUBLISHED

Assigner: oracle

Published:

Updated: 2026-06-18T03:57:51.163Z

Reserved: 2026-05-18T15:55:10.311Z

Link: CVE-2026-46920

cve-icon Vulnrichment

Updated: 2026-06-17T13:57:06.671Z

cve-icon NVD

No data.

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-06-26T09:44:59Z

Weaknesses
  • CWE-284

    Improper Access Control

  • CWE-306

    Missing Authentication for Critical Function