Skip to main content

Siebel Crm Cloud Applications

5 CVEs product

Monthly

CVE-2026-46926 HIGH This Week

Privilege escalation and full takeover of Oracle Siebel CRM Cloud Applications (versions 17.0 through 26.5) is possible for a low-privileged attacker with logon access to the host infrastructure, via the Siebel Cloud Manager component. Successful exploitation produces a scope change that significantly impacts adjacent products beyond Siebel itself, with full confidentiality, integrity, and availability impact. No public exploit identified at time of analysis and the issue is not listed in CISA KEV, but Oracle has issued a fix in its June 2026 Critical Patch Update.

Oracle Siebel Crm Cloud Applications Authentication Bypass
NVD
CVSS 3.1
8.8
EPSS
0.2%
CVE-2026-46925 HIGH This Week

Adjacent-network takeover of Oracle Siebel CRM Cloud Applications (versions 17.0 through 26.5) is possible via the Siebel Cloud Manager component, where an unauthenticated attacker on the same physical communication segment can fully compromise the application and pivot to other products through a scope change. The flaw carries a CVSS 3.1 base score of 8.3 with full confidentiality, integrity, and availability impact, but high attack complexity. No public exploit identified at time of analysis, and the issue is not listed in CISA KEV.

Oracle Siebel Crm Cloud Applications Authentication Bypass
NVD
CVSS 3.1
8.3
EPSS
0.2%
CVE-2026-46921 HIGH This Week

Account takeover in Oracle Siebel CRM Cloud Applications versions 17.0 through 26.5 allows a low-privileged remote attacker to fully compromise the Siebel Cloud Manager component over HTTP. Oracle rates the flaw 8.8 with full CIA impact, and no public exploit identified at time of analysis, but the low attack complexity and low privilege requirement make this a high-priority patch for any internet-exposed Siebel deployment.

Oracle Siebel Crm Cloud Applications Authentication Bypass
NVD
CVSS 3.1
8.8
EPSS
0.4%
CVE-2026-46920 HIGH This Week

Full takeover of Oracle Siebel CRM Cloud Applications (versions 17.0-26.5) is possible by unauthenticated remote attackers reaching the Siebel Cloud Manager component over HTTP, though Oracle classifies exploitation as difficult (AC:H). Successful attacks yield high impact across confidentiality, integrity, and availability - effectively complete compromise of the CRM tenant. No public exploit identified at time of analysis, and the issue is not on the CISA KEV list.

Oracle Siebel Crm Cloud Applications Authentication Bypass
NVD
CVSS 3.1
8.1
EPSS
0.4%
CVE-2026-46919 CRITICAL Act Now

Remote takeover of Oracle Siebel CRM Cloud Applications (versions 17.0 through 26.5) allows unauthenticated network attackers to fully compromise the Siebel Cloud Manager component via HTTP. The flaw carries a CVSS 9.8 with low attack complexity and no privileges or user interaction required, putting confidentiality, integrity, and availability at high risk. No public exploit identified at time of analysis, but Oracle's own advisory characterizes exploitation as easy.

Oracle Siebel Crm Cloud Applications Authentication Bypass
NVD
CVSS 3.1
9.8
EPSS
0.5%
EPSS 0% CVSS 8.8
HIGH This Week

Privilege escalation and full takeover of Oracle Siebel CRM Cloud Applications (versions 17.0 through 26.5) is possible for a low-privileged attacker with logon access to the host infrastructure, via the Siebel Cloud Manager component. Successful exploitation produces a scope change that significantly impacts adjacent products beyond Siebel itself, with full confidentiality, integrity, and availability impact. No public exploit identified at time of analysis and the issue is not listed in CISA KEV, but Oracle has issued a fix in its June 2026 Critical Patch Update.

Oracle Siebel Crm Cloud Applications Authentication Bypass
NVD
EPSS 0% CVSS 8.3
HIGH This Week

Adjacent-network takeover of Oracle Siebel CRM Cloud Applications (versions 17.0 through 26.5) is possible via the Siebel Cloud Manager component, where an unauthenticated attacker on the same physical communication segment can fully compromise the application and pivot to other products through a scope change. The flaw carries a CVSS 3.1 base score of 8.3 with full confidentiality, integrity, and availability impact, but high attack complexity. No public exploit identified at time of analysis, and the issue is not listed in CISA KEV.

Oracle Siebel Crm Cloud Applications Authentication Bypass
NVD
EPSS 0% CVSS 8.8
HIGH This Week

Account takeover in Oracle Siebel CRM Cloud Applications versions 17.0 through 26.5 allows a low-privileged remote attacker to fully compromise the Siebel Cloud Manager component over HTTP. Oracle rates the flaw 8.8 with full CIA impact, and no public exploit identified at time of analysis, but the low attack complexity and low privilege requirement make this a high-priority patch for any internet-exposed Siebel deployment.

Oracle Siebel Crm Cloud Applications Authentication Bypass
NVD
EPSS 0% CVSS 8.1
HIGH This Week

Full takeover of Oracle Siebel CRM Cloud Applications (versions 17.0-26.5) is possible by unauthenticated remote attackers reaching the Siebel Cloud Manager component over HTTP, though Oracle classifies exploitation as difficult (AC:H). Successful attacks yield high impact across confidentiality, integrity, and availability - effectively complete compromise of the CRM tenant. No public exploit identified at time of analysis, and the issue is not on the CISA KEV list.

Oracle Siebel Crm Cloud Applications Authentication Bypass
NVD
EPSS 0% CVSS 9.8
CRITICAL Act Now

Remote takeover of Oracle Siebel CRM Cloud Applications (versions 17.0 through 26.5) allows unauthenticated network attackers to fully compromise the Siebel Cloud Manager component via HTTP. The flaw carries a CVSS 9.8 with low attack complexity and no privileges or user interaction required, putting confidentiality, integrity, and availability at high risk. No public exploit identified at time of analysis, but Oracle's own advisory characterizes exploitation as easy.

Oracle Siebel Crm Cloud Applications Authentication Bypass
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy