Description
Vulnerability in the Siebel CRM Cloud Applications product of Oracle Siebel CRM (component: Siebel Cloud Manager). Supported versions that are affected are 17.0-26.5. Difficult to exploit vulnerability allows unauthenticated attacker with access to the physical communication segment attached to the hardware where the Siebel CRM Cloud Applications executes to compromise Siebel CRM Cloud Applications. While the vulnerability is in Siebel CRM Cloud Applications, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in takeover of Siebel CRM Cloud Applications. CVSS 3.1 Base Score 8.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H).
Published: 2026-06-16
Score: 8.3 High
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

A flaw in the Siebel Cloud Manager component enables an attacker with physical access to the network segment used by Oracle Siebel CRM Cloud Applications to bypass authentication and ultimately gain full control of the application. This authentication bypass can lead to loss of confidentiality, integrity, and availability of all customer data stored in Siebel. The weakness aligns with improper access control (CWE‑284), information exposure (CWE‑200), and incorrect permissions (CWE‑732).

Affected Systems

Oracle Siebel CRM Cloud Applications, component Siebel Cloud Manager. Affected releases include version 17.0 through 26.5. No other products or upstream components are listed as vulnerable.

Risk and Exploitability

The vulnerability carries a CVSS 3.1 Base Score of 8.3, indicating high severity. The EPSS score is reported as less than 1%, meaning the likelihood of exploitation is currently low but not zero. It is not listed in CISA’s KEV catalog. The attack requires access to the physical communication segment, an adjacent-network vector (AV:A), and is rated difficult to exploit (AC:H); the scope change in the metric (S:C) indicates that a successful attack may significantly impact additional products beyond Siebel CRM Cloud Applications.

Generated by OpenCVE AI on June 17, 2026 at 20:52 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the Oracle vendor patch or upgrade to a version that fixes the Siebel Cloud Manager flaw
  • Restrict physical network access to the ports and interfaces used by Siebel CRM Cloud Applications and isolate these from general LAN traffic
  • Deploy network segmentation and enforce strict VLAN separation so only authorized maintenance stations can reach the internal segment, and monitor for anomalous traffic

Advisories

No advisories yet.

History

Tue, 16 Jun 2026 20:45:00 +0000

| Type | Values Removed | Values Added |
|---|---|---|
| Description | | Vulnerability in the Siebel CRM Cloud Applications product of Oracle Siebel CRM (component: Siebel Cloud Manager). Supported versions that are affected are 17.0-26.5. Difficult to exploit vulnerability allows unauthenticated attacker with access to the physical communication segment attached to the hardware where the Siebel CRM Cloud Applications executes to compromise Siebel CRM Cloud Applications. While the vulnerability is in Siebel CRM Cloud Applications, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in takeover of Siebel CRM Cloud Applications. CVSS 3.1 Base Score 8.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H). |
| First Time appeared | | Oracle; Oracle siebel Crm Cloud Applications |
| CPEs | | cpe:2.3:a:oracle:siebel_crm_cloud_applications:*:*:*:*:*:*:*:* |
| Vendors & Products | | Oracle; Oracle siebel Crm Cloud Applications |
| References | | |
| Metrics | | cvssV3_1: {'score': 8.3, 'vector': 'CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H'} |

MITRE

Status: PUBLISHED

Assigner: oracle

Published:

Updated: 2026-06-17T14:05:46.130Z

Reserved: 2026-05-18T15:55:10.312Z

Link: CVE-2026-46925

Vulnrichment

No data.

NVD

No data.

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-06-17T04:00:02Z

Weaknesses

No weakness.