Impact
A vulnerability exists in the Siebel Cloud Manager component of Oracle Siebel CRM Cloud Applications that allows a low privileged attacker with network access via HTTP to compromise the entire application. The flaw can lead to full takeover, causing loss of confidentiality, integrity and availability for all data and services managed by Siebel CRM. The CVSS 3.1 vector indicates high impact across all dimensions (C:H I:H A:H) with a Base Score of 8.8.
Affected Systems
Affected software is Oracle’s Siebel CRM Cloud Applications. The vulnerability applies to supported versions ranging from 17.0 through 26.5. Administrators of Siebel CRM deployments should verify the exact version in use and determine whether it falls within this range.
Risk and Exploitability
The EPSS score is reported as less than 1%, indicating that, as of now, exploitation attempts are rare. The vulnerability is not included in the CISA KEV catalog. Nevertheless, the CVSS score of 8.8 denotes a high severity. The likely attack path requires only network connectivity: an attacker performs an HTTP request that leverages the flaw in Siebel Cloud Manager, enabling the attacker to gain elevated privileges and effectively control the application. Low privileged attackers can exploit this without requiring authentication or additional credentials.
OpenCVE Enrichment