Description
Vulnerability in the Siebel CRM Cloud Applications product of Oracle Siebel CRM (component: Siebel Cloud Manager). Supported versions that are affected are 17.0-26.5. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Siebel CRM Cloud Applications executes to compromise Siebel CRM Cloud Applications. While the vulnerability is in Siebel CRM Cloud Applications, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in takeover of Siebel CRM Cloud Applications. CVSS 3.1 Base Score 8.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H).
Published: 2026-06-16
Score: 8.8 High
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

This vulnerability resides in the Siebel Cloud Manager component of Oracle’s Siebel CRM Cloud Applications. It permits a low‑privileged user who is already logged onto the infrastructure hosting the application to compromise the application, potentially leading to full takeover. The flaw results in complete loss of confidentiality, integrity, and availability for the CRM data and services.

Affected Systems

Oracle Siebel CRM Cloud Applications versions 17.0 through 26.5 are affected. The vulnerability applies to the Siebel Cloud Manager component in all listed releases.

Risk and Exploitability

With a CVSS v3.1 base score of 8.8, the flaw is considered high severity. The EPSS score is less than 1%, indicating a low probability of exploitation at present, and the issue is not in CISA’s KEV catalog. Attackers would need local access and low privileges to exploit the flaw; however, because of the scope change, the damage can extend beyond Siebel CRM Cloud Applications to additional products.

Generated by OpenCVE AI on June 17, 2026 at 19:00 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the latest Oracle security patch for Siebel CRM Cloud Applications, ensuring the version is greater than 26.5.
  • Restrict local user accounts on the servers that host Siebel CRM Cloud Applications to the minimum permissions required for their duties.
  • Implement network segmentation and firewall rules to isolate the CRM infrastructure and limit lateral movement from compromised hosts.

Advisories

No advisories yet.

History

Tue, 16 Jun 2026 20:45:00 +0000

Type | Values Removed | Values Added
Description | | Vulnerability in the Siebel CRM Cloud Applications product of Oracle Siebel CRM (component: Siebel Cloud Manager). Supported versions that are affected are 17.0-26.5. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Siebel CRM Cloud Applications executes to compromise Siebel CRM Cloud Applications. While the vulnerability is in Siebel CRM Cloud Applications, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in takeover of Siebel CRM Cloud Applications. CVSS 3.1 Base Score 8.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H).
First Time appeared | | Oracle; Oracle siebel Crm Cloud Applications
CPEs | | cpe:2.3:a:oracle:siebel_crm_cloud_applications:*:*:*:*:*:*:*:*
Vendors & Products | | Oracle; Oracle siebel Crm Cloud Applications
References | |
Metrics | | cvssV3_1: {'score': 8.8, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H'}


MITRE

Status: PUBLISHED

Assigner: oracle

Published:

Updated: 2026-06-17T14:04:12.715Z

Reserved: 2026-05-18T15:55:10.312Z

Link: CVE-2026-46926

Vulnrichment

No data.

NVD

No data.

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-06-17T03:15:02Z

Weaknesses

No weakness.