PatchSiren

PatchSiren cyber security CVE debrief

CVE-2026-46884 Oracle Corporation CVE debrief

A critical vulnerability was discovered in Siebel Apps - Marketing, a product of Oracle Siebel CRM. The vulnerability, tracked as CVE-2026-46884, has a CVSS score of 9.8 and allows unauthenticated attackers with network access via HTTP to compromise the system. Successful attacks can result in a takeover of Siebel Apps - Marketing. This vulnerability is easily exploitable and has a high impact on confidentiality, integrity, and availability. Organizations should be aware of the potential risks and take necessary actions to mitigate them.

Vendor
Oracle Corporation
Product
Siebel Apps - Marketing
CVSS
CRITICAL 9.8
CISA KEV
Not listed in stored evidence
Original CVE published
2026-06-17
Original CVE updated
2026-06-18
Advisory published
2026-06-17
Advisory updated
2026-06-18

Who should care

Organizations using Siebel Apps - Marketing versions 17.0-26.5 should prioritize patching this vulnerability to prevent potential takeovers. This is a critical vulnerability with a high CVSS score, and organizations should take immediate action to mitigate the risks. Security teams and vulnerability management teams should review the affected scope and severity, and plan vendor-supported updates or mitigations through normal change control.

Technical summary

The vulnerability is located in the Marketing component of Siebel Apps - Marketing. It has a CVSS vector of CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H, indicating a high impact on confidentiality, integrity, and availability. The vulnerability is easily exploitable and requires no authentication or user interaction. It affects Siebel Apps - Marketing versions 17.0-26.5, and successful attacks can result in a takeover of Siebel Apps - Marketing.

Defensive priority

High

Recommended defensive actions

  • Apply the patch provided by Oracle Corporation as soon as possible
  • Restrict network access to Siebel Apps - Marketing to only necessary personnel
  • Monitor for suspicious activity and implement additional security measures to detect potential attacks
  • Review compensating controls for exposed systems while remediation is scheduled and verified
  • Check relevant monitoring, detection, and logs for exposed assets that need extra review
  • Track exceptions, retest remediated assets, and close the item only after evidence is documented
  • Confirm whether affected product deployments exist in managed environments and assign an owner for follow-up

Evidence notes

The CVE record was published on 2026-06-17T10:54:06.073Z and last modified on 2026-06-18T22:59:05.850Z. The NVD entry is currently Analyzed. Oracle Corporation has provided a vendor advisory for this vulnerability. The vulnerability affects Siebel Apps - Marketing versions 17.0-26.5, and successful attacks can result in a takeover of Siebel Apps - Marketing. The CVSS score is 9.8, indicating a critical vulnerability. The CVE record was obtained from the NVD, and its accuracy has been verified through defensive validation tasks.

Official resources

AI-assisted PatchSiren debrief based on the supplied source corpus. The CVE record was published on 2026-06-17T10:54:06.073Z and has not been modified since then. The NVD entry is currently Analyzed.