Severity by source
AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
Description explicitly requires local logon (AV:L) with an existing low-privileged account (PR:L), exploitation is easy (AC:L), no user interaction, and full takeover with scope change drives S:C and C/I/A:H.
Primary rating from Vendor (oracle).
CVSS VectorVendor: oracle
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
Lifecycle Timeline
1DescriptionCVE.org
Vulnerability in the Siebel CRM Cloud Applications product of Oracle Siebel CRM (component: Siebel Cloud Manager). Supported versions that are affected are 17.0-26.5. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Siebel CRM Cloud Applications executes to compromise Siebel CRM Cloud Applications. While the vulnerability is in Siebel CRM Cloud Applications, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in takeover of Siebel CRM Cloud Applications. CVSS 3.1 Base Score 8.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H).
AnalysisAI
Privilege escalation and full takeover of Oracle Siebel CRM Cloud Applications (versions 17.0 through 26.5) is possible for a low-privileged attacker with logon access to the host infrastructure, via the Siebel Cloud Manager component. Successful exploitation produces a scope change that significantly impacts adjacent products beyond Siebel itself, with full confidentiality, integrity, and availability impact. …
Unlock full vulnerability intelligence
- Risk assessment & exploitation conditions
- Attack chain visualization
- Remediation with exact patch versions
- Threat intelligence from 22 sources
- Personal watchlist & email alerts
Free forever · No credit card required
Attack ChainAIDerived
Hypothetical attack flow derived from CVE metadata
Vulnerability AssessmentAI
| Exploitation | Attacker must already have an authenticated low-privilege logon (PR:L) on the infrastructure host where Siebel CRM Cloud Applications and the Siebel Cloud Manager component execute - i.e., shell or equivalent application-tier access on the Siebel server itself, not network access from outside. … Additional conditions and limiting factors are described in the full assessment. |
| Risk Assessment | The CVSS 3.1 base score of 8.8 is driven largely by the scope change and triple-high CIA impact rather than by remote reachability: the AV:L vector confirms the attacker must already be logged on to the Siebel CRM Cloud Applications infrastructure, and PR:L means they need an existing low-privilege account on that host. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in. |
| Exploit Scenario | A help-desk, batch-processing, or third-party integration account with only low Siebel/OS privileges on a Siebel application server abuses the Siebel Cloud Manager component to escalate, taking over the Siebel CRM Cloud Applications instance and pivoting across the scope-changed trust boundary into adjacent Oracle-managed products. Because AC:L and UI:N apply, no user interaction or special timing is needed once the attacker is on the host. … |
| Remediation | Apply the fixes from Oracle's June 2026 Critical Patch Update for Siebel CRM Cloud Applications (Patch available per vendor advisory at https://www.oracle.com/security-alerts/cspujun2026.html); Oracle's CPU is the authoritative source for the exact patched build numbers per Siebel release, which should be matched to your deployed version in the 17.0-26.5 range. … Detailed patch versions, workarounds, and compensating controls in full report. |
Recommended ActionAI
Within 24 hours: Identify all Siebel CRM Cloud Application instances running versions 17.0-26.5 and restrict host logon access to essential administrators only. …
Sign in for detailed remediation steps and compensating controls.
Threat intelligence, references, and detailed analysis are available after sign-in.
Remote takeover of Oracle Siebel CRM Cloud Applications (versions 17.0 through 26.5) allows unauthenticated network atta
Account takeover in Oracle Siebel CRM Cloud Applications versions 17.0 through 26.5 allows a low-privileged remote attac
Adjacent-network takeover of Oracle Siebel CRM Cloud Applications (versions 17.0 through 26.5) is possible via the Siebe
Full takeover of Oracle Siebel CRM Cloud Applications (versions 17.0-26.5) is possible by unauthenticated remote attacke
Same weakness CWE-284 – Improper Access Control
View allSame technique Authentication Bypass
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-37242