CVE-2026-46888
HighCVSS 7.8Exploitation Probability (EPSS)
Low risk2th percentile — higher than 2% of all known CVEs
Summary
Vulnerability in the Siebel CRM Deployment product of Oracle Siebel CRM affects the Database Upgrade component. This flaw is easily exploitable by a low-privileged attacker with local access to the infrastructure where Siebel CRM Deployment runs. Successful exploitation can lead to full takeover of Siebel CRM Deployment.
Risk Assessment
The risk to the organization includes potential loss of confidentiality, integrity, and availability of data and systems, which may result in unauthorized takeover of the Siebel CRM deployment.
Recommendation
It is recommended to immediately apply patches provided by Oracle for versions 17.0-26.5 and restrict local access to the infrastructure to trusted users only.
Original NVD description (English source)
Vulnerability in the Siebel CRM Deployment product of Oracle Siebel CRM (component: Database Upgrade). Supported versions that are affected are 17.0-26.5. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Siebel CRM Deployment executes to compromise Siebel CRM Deployment. Successful attacks of this vulnerability can result in takeover of Siebel CRM Deployment. CVSS 3.1 Base Score 7.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H).

