Siebel Crm Cloud Applications
Monthly
Privilege escalation and full takeover of Oracle Siebel CRM Cloud Applications (versions 17.0 through 26.5) is possible for a low-privileged attacker with logon access to the host infrastructure, via the Siebel Cloud Manager component. Successful exploitation produces a scope change that significantly impacts adjacent products beyond Siebel itself, with full confidentiality, integrity, and availability impact. No public exploit identified at time of analysis and the issue is not listed in CISA KEV, but Oracle has issued a fix in its June 2026 Critical Patch Update.
Adjacent-network takeover of Oracle Siebel CRM Cloud Applications (versions 17.0 through 26.5) is possible via the Siebel Cloud Manager component, where an unauthenticated attacker on the same physical communication segment can fully compromise the application and pivot to other products through a scope change. The flaw carries a CVSS 3.1 base score of 8.3 with full confidentiality, integrity, and availability impact, but high attack complexity. No public exploit identified at time of analysis, and the issue is not listed in CISA KEV.
Account takeover in Oracle Siebel CRM Cloud Applications versions 17.0 through 26.5 allows a low-privileged remote attacker to fully compromise the Siebel Cloud Manager component over HTTP. Oracle rates the flaw 8.8 with full CIA impact, and no public exploit identified at time of analysis, but the low attack complexity and low privilege requirement make this a high-priority patch for any internet-exposed Siebel deployment.
Full takeover of Oracle Siebel CRM Cloud Applications (versions 17.0-26.5) is possible by unauthenticated remote attackers reaching the Siebel Cloud Manager component over HTTP, though Oracle classifies exploitation as difficult (AC:H). Successful attacks yield high impact across confidentiality, integrity, and availability - effectively complete compromise of the CRM tenant. No public exploit identified at time of analysis, and the issue is not on the CISA KEV list.
Remote takeover of Oracle Siebel CRM Cloud Applications (versions 17.0 through 26.5) allows unauthenticated network attackers to fully compromise the Siebel Cloud Manager component via HTTP. The flaw carries a CVSS 9.8 with low attack complexity and no privileges or user interaction required, putting confidentiality, integrity, and availability at high risk. No public exploit identified at time of analysis, but Oracle's own advisory characterizes exploitation as easy.
Privilege escalation and full takeover of Oracle Siebel CRM Cloud Applications (versions 17.0 through 26.5) is possible for a low-privileged attacker with logon access to the host infrastructure, via the Siebel Cloud Manager component. Successful exploitation produces a scope change that significantly impacts adjacent products beyond Siebel itself, with full confidentiality, integrity, and availability impact. No public exploit identified at time of analysis and the issue is not listed in CISA KEV, but Oracle has issued a fix in its June 2026 Critical Patch Update.
Adjacent-network takeover of Oracle Siebel CRM Cloud Applications (versions 17.0 through 26.5) is possible via the Siebel Cloud Manager component, where an unauthenticated attacker on the same physical communication segment can fully compromise the application and pivot to other products through a scope change. The flaw carries a CVSS 3.1 base score of 8.3 with full confidentiality, integrity, and availability impact, but high attack complexity. No public exploit identified at time of analysis, and the issue is not listed in CISA KEV.
Account takeover in Oracle Siebel CRM Cloud Applications versions 17.0 through 26.5 allows a low-privileged remote attacker to fully compromise the Siebel Cloud Manager component over HTTP. Oracle rates the flaw 8.8 with full CIA impact, and no public exploit identified at time of analysis, but the low attack complexity and low privilege requirement make this a high-priority patch for any internet-exposed Siebel deployment.
Full takeover of Oracle Siebel CRM Cloud Applications (versions 17.0-26.5) is possible by unauthenticated remote attackers reaching the Siebel Cloud Manager component over HTTP, though Oracle classifies exploitation as difficult (AC:H). Successful attacks yield high impact across confidentiality, integrity, and availability - effectively complete compromise of the CRM tenant. No public exploit identified at time of analysis, and the issue is not on the CISA KEV list.
Remote takeover of Oracle Siebel CRM Cloud Applications (versions 17.0 through 26.5) allows unauthenticated network attackers to fully compromise the Siebel Cloud Manager component via HTTP. The flaw carries a CVSS 9.8 with low attack complexity and no privileges or user interaction required, putting confidentiality, integrity, and availability at high risk. No public exploit identified at time of analysis, but Oracle's own advisory characterizes exploitation as easy.