Skip to main content

Siebel Apps Marketing

7 CVEs product

Monthly

CVE-2026-46890 CRITICAL Act Now

Remote takeover of Oracle Siebel CRM's Siebel Apps - Marketing component (versions 17.0 through 26.5) is possible by unauthenticated attackers reaching the application over HTTP, per Oracle's June 2026 Critical Patch Update. With a 9.8 CVSS base score and full confidentiality/integrity/availability impact, this represents a top-priority Oracle CPU finding, though no public exploit identified at time of analysis and the issue is not currently listed in CISA KEV.

Oracle Siebel Apps Marketing Authentication Bypass
NVD
CVSS 3.1
9.8
EPSS
0.5%
CVE-2026-46889 CRITICAL Act Now

Unauthenticated remote takeover of Oracle Siebel Apps - Marketing (versions 17.0 through 26.5) is possible via HTTP, allowing attackers to fully compromise confidentiality, integrity, and availability of the marketing component. Oracle's CVSS 3.1 base score of 9.8 reflects trivial network exploitability with no authentication or user interaction, and no public exploit identified at time of analysis. The flaw was disclosed in Oracle's Critical Patch Update cycle and tracked in ENISA's EUVD as EUVD-2026-37381.

Oracle Siebel Apps Marketing Authentication Bypass
NVD
CVSS 3.1
9.8
EPSS
0.5%
CVE-2026-46887 CRITICAL Act Now

Remote unauthenticated takeover of Oracle Siebel Apps - Marketing (versions 17.0 through 26.5) is achievable over HTTP, allowing attackers to fully compromise confidentiality, integrity, and availability of the Marketing component. Oracle's CVSS 9.8 rating reflects easy exploitation with no authentication or user interaction required, though no public exploit is identified at time of analysis and the CVE is not currently listed in CISA KEV.

Oracle Siebel Apps Marketing Authentication Bypass
NVD
CVSS 3.1
9.8
EPSS
0.5%
CVE-2026-46886 HIGH This Week

Authenticated takeover of Oracle Siebel Apps - Marketing (versions 17.0 through 26.5) allows a low-privileged attacker with HTTP network access to fully compromise confidentiality, integrity, and availability of the Marketing component. Oracle rates this 8.8 CVSS 3.1 with low attack complexity and no user interaction, making it an easy-win post-authentication vulnerability against any reachable Siebel Marketing instance. No public exploit identified at time of analysis, and the issue is not on the CISA KEV list.

Oracle Siebel Apps Marketing Authentication Bypass
NVD
CVSS 3.1
8.8
EPSS
0.4%
CVE-2026-46884 CRITICAL Act Now

Remote unauthenticated takeover of Oracle Siebel Apps - Marketing (versions 17.0 through 26.5) is possible over HTTP, requiring no privileges or user interaction. Successful exploitation yields full compromise of the Marketing component with high confidentiality, integrity, and availability impact (CVSS 9.8). No public exploit identified at time of analysis, and the issue is not currently listed in CISA KEV.

Oracle Siebel Apps Marketing Authentication Bypass
NVD
CVSS 3.1
9.8
EPSS
0.5%
CVE-2020-9484 Maven HIGH POC PATCH THREAT This Week

When using Apache Tomcat versions 10.0.0-M1 to 10.0.0-M4, 9.0.0.M1 to 9.0.34, 8.5.0 to 8.5.54 and 7.0.0 to 7.0.103 if a) an attacker is able to control the contents and name of a file on the server;. Rated high severity (CVSS 7.0). This Deserialization of Untrusted Data vulnerability could allow attackers to execute arbitrary code through malicious serialized objects.

Apache RCE Deserialization Tomcat Debian Linux +24
NVD
CVSS 3.1
7.0
EPSS
56.6%
CVE-2020-9488 Maven LOW PATCH Monitor

Improper validation of certificate with host mismatch in Apache Log4j SMTP appender. Rated low severity (CVSS 3.7), this vulnerability is remotely exploitable, no authentication required.

Information Disclosure Apache Log4J Communications Application Session Controller Communications Billing And Revenue Management +43
NVD VulDB
CVSS 3.1
3.7
EPSS
0.0%
EPSS 0% CVSS 9.8
CRITICAL Act Now

Remote takeover of Oracle Siebel CRM's Siebel Apps - Marketing component (versions 17.0 through 26.5) is possible by unauthenticated attackers reaching the application over HTTP, per Oracle's June 2026 Critical Patch Update. With a 9.8 CVSS base score and full confidentiality/integrity/availability impact, this represents a top-priority Oracle CPU finding, though no public exploit identified at time of analysis and the issue is not currently listed in CISA KEV.

Oracle Siebel Apps Marketing Authentication Bypass
NVD
EPSS 0% CVSS 9.8
CRITICAL Act Now

Unauthenticated remote takeover of Oracle Siebel Apps - Marketing (versions 17.0 through 26.5) is possible via HTTP, allowing attackers to fully compromise confidentiality, integrity, and availability of the marketing component. Oracle's CVSS 3.1 base score of 9.8 reflects trivial network exploitability with no authentication or user interaction, and no public exploit identified at time of analysis. The flaw was disclosed in Oracle's Critical Patch Update cycle and tracked in ENISA's EUVD as EUVD-2026-37381.

Oracle Siebel Apps Marketing Authentication Bypass
NVD
EPSS 0% CVSS 9.8
CRITICAL Act Now

Remote unauthenticated takeover of Oracle Siebel Apps - Marketing (versions 17.0 through 26.5) is achievable over HTTP, allowing attackers to fully compromise confidentiality, integrity, and availability of the Marketing component. Oracle's CVSS 9.8 rating reflects easy exploitation with no authentication or user interaction required, though no public exploit is identified at time of analysis and the CVE is not currently listed in CISA KEV.

Oracle Siebel Apps Marketing Authentication Bypass
NVD
EPSS 0% CVSS 8.8
HIGH This Week

Authenticated takeover of Oracle Siebel Apps - Marketing (versions 17.0 through 26.5) allows a low-privileged attacker with HTTP network access to fully compromise confidentiality, integrity, and availability of the Marketing component. Oracle rates this 8.8 CVSS 3.1 with low attack complexity and no user interaction, making it an easy-win post-authentication vulnerability against any reachable Siebel Marketing instance. No public exploit identified at time of analysis, and the issue is not on the CISA KEV list.

Oracle Siebel Apps Marketing Authentication Bypass
NVD
EPSS 0% CVSS 9.8
CRITICAL Act Now

Remote unauthenticated takeover of Oracle Siebel Apps - Marketing (versions 17.0 through 26.5) is possible over HTTP, requiring no privileges or user interaction. Successful exploitation yields full compromise of the Marketing component with high confidentiality, integrity, and availability impact (CVSS 9.8). No public exploit identified at time of analysis, and the issue is not currently listed in CISA KEV.

Oracle Siebel Apps Marketing Authentication Bypass
NVD
EPSS 57% CVSS 7.0
HIGH POC PATCH THREAT This Week

When using Apache Tomcat versions 10.0.0-M1 to 10.0.0-M4, 9.0.0.M1 to 9.0.34, 8.5.0 to 8.5.54 and 7.0.0 to 7.0.103 if a) an attacker is able to control the contents and name of a file on the server;. Rated high severity (CVSS 7.0). This Deserialization of Untrusted Data vulnerability could allow attackers to execute arbitrary code through malicious serialized objects.

Apache RCE Deserialization +26
NVD
EPSS 0% CVSS 3.7
LOW PATCH Monitor

Improper validation of certificate with host mismatch in Apache Log4j SMTP appender. Rated low severity (CVSS 3.7), this vulnerability is remotely exploitable, no authentication required.

Information Disclosure Apache Log4J +45
NVD VulDB

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy