Description
Vulnerability in the Siebel CRM Cloud Applications product of Oracle Siebel CRM (component: Siebel Cloud Manager). Supported versions that are affected are 17.0-26.5. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Siebel CRM Cloud Applications. Successful attacks of this vulnerability can result in takeover of Siebel CRM Cloud Applications. CVSS 3.1 Base Score 8.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H).
Published: 2026-06-16
Score: 8.8 High
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

A vulnerability exists in the Siebel Cloud Manager component of Oracle Siebel CRM Cloud Applications that allows a low privileged attacker with network access via HTTP to compromise the entire application. The flaw can lead to full takeover, causing loss of confidentiality, integrity and availability for all data and services managed by Siebel CRM. The CVSS 3.1 vector indicates high impact across all dimensions (C:H I:H A:H) with a Base Score of 8.8.

Affected Systems

Affected software is Oracle’s Siebel CRM Cloud Applications. The vulnerability applies to supported versions ranging from 17.0 through 26.5. Administrators of Siebel CRM deployments should verify the exact version in use and determine whether it falls within this range.

Risk and Exploitability

The EPSS score is reported as less than 1%, indicating that, as of now, exploitation attempts are rare. The vulnerability is not included in the CISA KEV catalog. Nevertheless, the CVSS score of 8.8 denotes a high severity. The likely attack path requires only network connectivity: an attacker performs an HTTP request that leverages the flaw in Siebel Cloud Manager, enabling the attacker to gain elevated privileges and effectively control the application. Low privileged attackers can exploit this without requiring authentication or additional credentials.

Generated by OpenCVE AI on June 18, 2026 at 21:38 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade Siebel CRM Cloud Applications to a version that is not in the 17.0‑26.5 range and contains the vendor’s security fix.
  • Limit HTTP access to the Siebel Cloud Manager interface to trusted network segments or IP addresses, and disable it for all other external traffic.
  • Continuously monitor web server and application logs for anomalous requests to the Cloud Manager endpoint and investigate any suspicious activity promptly.

Generated by OpenCVE AI on June 18, 2026 at 21:38 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Thu, 18 Jun 2026 22:00:00 +0000

Type Values Removed Values Added
Title Remote Takeover in Siebel CRM Cloud Applications via Siebel Cloud Manager

Thu, 18 Jun 2026 04:45:00 +0000

Type Values Removed Values Added
Title Remote Takeover in Siebel CRM Cloud Applications via Siebel Cloud Manager
Weaknesses CWE-269
CWE-284
CWE-287
CWE-306
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Tue, 16 Jun 2026 20:45:00 +0000

Type Values Removed Values Added
Description Vulnerability in the Siebel CRM Cloud Applications product of Oracle Siebel CRM (component: Siebel Cloud Manager). Supported versions that are affected are 17.0-26.5. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Siebel CRM Cloud Applications. Successful attacks of this vulnerability can result in takeover of Siebel CRM Cloud Applications. CVSS 3.1 Base Score 8.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H).
First Time appeared Oracle
Oracle siebel Crm Cloud Applications
CPEs cpe:2.3:a:oracle:siebel_crm_cloud_applications:*:*:*:*:*:*:*:*
Vendors & Products Oracle
Oracle siebel Crm Cloud Applications
References
Metrics cvssV3_1

{'score': 8.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H'}


Subscriptions

Oracle Siebel Crm Cloud Applications
cve-icon MITRE

Status: PUBLISHED

Assigner: oracle

Published:

Updated: 2026-06-18T03:57:52.242Z

Reserved: 2026-05-18T15:55:10.311Z

Link: CVE-2026-46921

cve-icon Vulnrichment

Updated: 2026-06-17T14:08:26.117Z

cve-icon NVD

No data.

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-06-26T09:44:57Z

Weaknesses
  • CWE-269

    Improper Privilege Management

  • CWE-284

    Improper Access Control

  • CWE-287

    Improper Authentication

  • CWE-306

    Missing Authentication for Critical Function