CVE-2026-46925

HIGH

Siebel CRM Cloud Applications 17.0-26.5 - Unauthenticated Remote Code Execution in Siebel Cloud Manager

Title source: llm
STIX 2.1

Description

Vulnerability in the Siebel CRM Cloud Applications product of Oracle Siebel CRM (component: Siebel Cloud Manager). Supported versions that are affected are 17.0-26.5. Difficult to exploit vulnerability allows unauthenticated attacker with access to the physical communication segment attached to the hardware where the Siebel CRM Cloud Applications executes to compromise Siebel CRM Cloud Applications. While the vulnerability is in Siebel CRM Cloud Applications, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in takeover of Siebel CRM Cloud Applications. CVSS 3.1 Base Score 8.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H).

References (1)

Core 1
Core References
Vendor Advisory vendor-advisory
Oracle Advisory
https://www.oracle.com/security-alerts/cspujun2026.html

Scores

CVSS v3 8.3
EPSS 0.0027
EPSS Percentile 18.0%
Attack Vector ADJACENT_NETWORK
CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact total

Details

CWE
CWE-284
Status published
Products (2)
oracle/siebel_cloud_manager 17.0 - 26.5
Oracle Corporation/Siebel CRM Cloud Applications 17.0 - 26.5
Published Jun 17, 2026
Tracked Since Jun 17, 2026