CVE Catalog

CVE-2026-46888

HighCVSS 7.8
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.12%

2th percentile — higher than 2% of all known CVEs

Summary

Vulnerability in the Siebel CRM Deployment product of Oracle Siebel CRM affects the Database Upgrade component. This flaw is easily exploitable by a low-privileged attacker with local access to the infrastructure where Siebel CRM Deployment runs. Successful exploitation can lead to full takeover of Siebel CRM Deployment.

Risk Assessment

The risk to the organization includes potential loss of confidentiality, integrity, and availability of data and systems, which may result in unauthorized takeover of the Siebel CRM deployment.

Recommendation

It is recommended to immediately apply patches provided by Oracle for versions 17.0-26.5 and restrict local access to the infrastructure to trusted users only.

Original NVD description (English source)

Vulnerability in the Siebel CRM Deployment product of Oracle Siebel CRM (component: Database Upgrade). Supported versions that are affected are 17.0-26.5. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Siebel CRM Deployment executes to compromise Siebel CRM Deployment. Successful attacks of this vulnerability can result in takeover of Siebel CRM Deployment. CVSS 3.1 Base Score 7.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H).

Vulnerability data from NVD (NIST) · CISA KEV · EPSS