CVE-2026-46925
HIGH 8.3Vulnerability in the Siebel CRM Cloud Applications product of Oracle Siebel CRM (component: Siebel Cloud Manager). Supported versions that are affected are 17.0-26.5. Difficult to exploit vulnerability allows unauthenticated attacker with access to the physical communication segment attached to the hardware where the Siebel CRM Cloud Applications executes to compromise Siebel CRM Cloud Applications. While the vulnerability is in Siebel CRM Cloud Applications, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in takeover of Siebel CRM Cloud Applications. CVSS 3.1 Base Score 8.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H).
Severe if exploited (CVSS 8.3), but no known exploitation and low modeled probability. Patch on a normal cadence.
Exploitation likelihood
0.3%chance of exploitation in 30 days · 18th percentile
Impact if exploited
8.3CVSS 3.1 · HIGH
- ConfidentialityHigh
- IntegrityHigh
- AvailabilityHigh
What an attacker needs
- ⚠Access: Must sit on the same / adjacent network
- ✓Privileges: No account or privileges required
- ✓User interaction: No user interaction needed
- ⚠Complexity: Needs a race window or specific setup
✓ lowers the bar for an attacker · ⚠ raises it
Weakness (CWE)
- CWE-284
CVSS vector
CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H