Impact
The flaw lies in the Siebel Cloud Manager component of Oracle Siebel CRM Cloud Applications. An unauthenticated attacker who can reach the system via HTTP can bypass authentication and fully compromise the application. The vulnerability can lead to loss of confidentiality, integrity and availability, effectively allowing the attacker to take over the application. This impact is inferred directly from the CVE description and the stated valid impact type in the CVSS vector.
Affected Systems
Oracle Corporation’s Siebel CRM Cloud Applications versions 17.0 through 26.5 are impacted. The affected component, Siebel Cloud Manager, is present in all deployments of this product.
Risk and Exploitability
The CVSS score of 8.1 marks high severity. EPSS < 1% suggests the exploit of this vulnerability is currently infrequent, and it is not listed in the CISA KEV catalog. Exploitation is possible simply by connecting to the exposed HTTP interface; no authentication, privilege escalation or user interaction is required, indicating a path to complete takeover of the application as described.
OpenCVE Enrichment