PatchSiren cyber security CVE debrief
CVE-2026-46884 Oracle Corporation CVE debrief
A critical vulnerability was discovered in Siebel Apps - Marketing, a product of Oracle Siebel CRM. The vulnerability, tracked as CVE-2026-46884, has a CVSS score of 9.8 and allows unauthenticated attackers with network access via HTTP to compromise the system. Successful attacks can result in a takeover of Siebel Apps - Marketing. This vulnerability is easily exploitable and has a high impact on confidentiality, integrity, and availability. Organizations should be aware of the potential risks and take necessary actions to mitigate them.
- Vendor
- Oracle Corporation
- Product
- Siebel Apps - Marketing
- CVSS
- CRITICAL 9.8
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2026-06-17
- Original CVE updated
- 2026-06-18
- Advisory published
- 2026-06-17
- Advisory updated
- 2026-06-18
Who should care
Organizations using Siebel Apps - Marketing versions 17.0-26.5 should prioritize patching this vulnerability to prevent potential takeovers. This is a critical vulnerability with a high CVSS score, and organizations should take immediate action to mitigate the risks. Security teams and vulnerability management teams should review the affected scope and severity, and plan vendor-supported updates or mitigations through normal change control.
Technical summary
The vulnerability is located in the Marketing component of Siebel Apps - Marketing. It has a CVSS vector of CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H, indicating a high impact on confidentiality, integrity, and availability. The vulnerability is easily exploitable and requires no authentication or user interaction. It affects Siebel Apps - Marketing versions 17.0-26.5, and successful attacks can result in a takeover of Siebel Apps - Marketing.
Defensive priority
High
Recommended defensive actions
- Apply the patch provided by Oracle Corporation as soon as possible
- Restrict network access to Siebel Apps - Marketing to only necessary personnel
- Monitor for suspicious activity and implement additional security measures to detect potential attacks
- Review compensating controls for exposed systems while remediation is scheduled and verified
- Check relevant monitoring, detection, and logs for exposed assets that need extra review
- Track exceptions, retest remediated assets, and close the item only after evidence is documented
- Confirm whether affected product deployments exist in managed environments and assign an owner for follow-up
Evidence notes
The CVE record was published on 2026-06-17T10:54:06.073Z and last modified on 2026-06-18T22:59:05.850Z. The NVD entry is currently Analyzed. Oracle Corporation has provided a vendor advisory for this vulnerability. The vulnerability affects Siebel Apps - Marketing versions 17.0-26.5, and successful attacks can result in a takeover of Siebel Apps - Marketing. The CVSS score is 9.8, indicating a critical vulnerability. The CVE record was obtained from the NVD, and its accuracy has been verified through defensive validation tasks.
Official resources
-
CVE-2026-46884 CVE record
CVE.org
-
CVE-2026-46884 NVD detail
NVD
-
Source item URL
nvd_modified
-
Mitigation or vendor reference
[email protected] - Vendor Advisory
AI-assisted PatchSiren debrief based on the supplied source corpus. The CVE record was published on 2026-06-17T10:54:06.073Z and has not been modified since then. The NVD entry is currently Analyzed.