Severity by source
AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
HTTP-reachable management component (AV:N), Oracle states easily exploitable (AC:L), requires a low-privileged Siebel account (PR:L), no user interaction, and yields full takeover (C:H/I:H/A:H).
Primary rating from Vendor (oracle).
CVSS VectorVendor: oracle
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Lifecycle Timeline
1DescriptionCVE.org
Vulnerability in the Siebel CRM Cloud Applications product of Oracle Siebel CRM (component: Siebel Cloud Manager). Supported versions that are affected are 17.0-26.5. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Siebel CRM Cloud Applications. Successful attacks of this vulnerability can result in takeover of Siebel CRM Cloud Applications. CVSS 3.1 Base Score 8.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H).
AnalysisAI
Account takeover in Oracle Siebel CRM Cloud Applications versions 17.0 through 26.5 allows a low-privileged remote attacker to fully compromise the Siebel Cloud Manager component over HTTP. Oracle rates the flaw 8.8 with full CIA impact, and no public exploit identified at time of analysis, but the low attack complexity and low privilege requirement make this a high-priority patch for any internet-exposed Siebel deployment.
Unlock full vulnerability intelligence
- Risk assessment & exploitation conditions
- Attack chain visualization
- Remediation with exact patch versions
- Threat intelligence from 22 sources
- Personal watchlist & email alerts
Free forever · No credit card required
Attack ChainAIDerived
Hypothetical attack flow derived from CVE metadata
Vulnerability AssessmentAI
| Exploitation | The attacker must (1) have network HTTP reachability to the Siebel Cloud Manager component of an Oracle Siebel CRM Cloud Applications instance running any version between 17.0 and 26.5, and (2) hold valid credentials for a low-privileged Siebel account (PR:L in the CVSS vector - unauthenticated exploitation is not in scope per Oracle). … Additional conditions and limiting factors are described in the full assessment. |
| Risk Assessment | The CVSS 3.1 vector AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H paints a serious picture: reachable over the network, no user interaction, low attack complexity, and full impact on confidentiality, integrity, and availability - with only a low-privileged account standing between the attacker and 'takeover of Siebel CRM Cloud Applications' as Oracle explicitly phrases it. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in. |
| Exploit Scenario | An attacker who has obtained or been issued a low-privileged Siebel account - for example a partner-portal login, a junior sales user, or a credential harvested via phishing - sends crafted HTTP requests to the Siebel Cloud Manager component and abuses the flaw to escalate to administrative control of the Siebel CRM Cloud Applications tenant. From there they can exfiltrate the full CRM database (customers, opportunities, pricing), tamper with records, or disrupt the service. … |
| Remediation | Apply the fixes delivered in Oracle's June 2026 Critical Patch Update for Siebel CRM as documented at https://www.oracle.com/security-alerts/cspujun2026.html - the specific patched build number is not enumerated in the advisory metadata supplied here, so confirm the exact fix level against the CPU matrix before deployment (Patch available per vendor advisory). … Detailed patch versions, workarounds, and compensating controls in full report. |
Recommended ActionAI
Within 24 hours: Audit all Siebel deployments to identify affected versions (17.0-26.5) and map network exposure. …
Sign in for detailed remediation steps and compensating controls.
Threat intelligence, references, and detailed analysis are available after sign-in.
Remote takeover of Oracle Siebel CRM Cloud Applications (versions 17.0 through 26.5) allows unauthenticated network atta
Privilege escalation and full takeover of Oracle Siebel CRM Cloud Applications (versions 17.0 through 26.5) is possible
Adjacent-network takeover of Oracle Siebel CRM Cloud Applications (versions 17.0 through 26.5) is possible via the Siebe
Full takeover of Oracle Siebel CRM Cloud Applications (versions 17.0-26.5) is possible by unauthenticated remote attacke
Same technique Authentication Bypass
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-37239