Lucene search
K

Oracle Siebel Server <= 25.11 (April 2026 CPU)

šŸ—“ļøĀ 23 Apr 2026Ā 00:00:00Reported byĀ TenableTypeĀ 
nessus
Ā nessus
šŸ”—Ā www.tenable.comšŸ‘Ā 18Ā Views

Oracle Siebel CRM versions 17.0–25.11 have multiple vulnerabilities per April 2026 CPU across Deployment, End User, and Administration.

Related
Refs
Code
ReporterTitlePublishedViews
Family
IBM Security Bulletins
Security Bulletin: Due to use of Apache Log4j, IBM Netcool/OMNIbus Probe DSL Factory Framework is vulnerable to arbitrary code execution (CVE-2022-23302, CVE-2022-23307) and SQL injection (CVE-2022-23305)
16 Mar 202202:35
–ibm
IBM Security Bulletins
Security Bulletin: IBM Jazz for Service Management is vulnerable due to issues in JDOM, Apache Log4j 1.x, Apache ActiveMQ and Apache Camel
24 Jun 202511:53
–ibm
IBM Security Bulletins
Security Bulletin: Multiple Vulnerabilities in IBM Datacap
12 Jan 202617:46
–ibm
IBM Security Bulletins
Security Bulletin: IBM Engineering Requirements Management DOORS and DOORS Web Access is affected by multiple vulnerabilities
6 Jul 202613:46
–ibm
IBM Security Bulletins
Security Bulletin: An IBM QRadar SIEM SNMP protocol is vulnerable to a denial of service, SQL injection and could allow a remote attacker to execute arbitrary code on the system.
15 May 202408:35
–ibm
IBM Security Bulletins
Security Bulletin: IBM Tivoli Netcool Impact is affected by an Apache Log4j vulnerability (CVE-2022-23305)
4 Apr 202205:24
–ibm
IBM Security Bulletins
Security Bulletin: Vulnerability in Log4j affects IBM Integrated Analytics System [CVE-2022-23305]
22 Feb 202306:36
–ibm
IBM Security Bulletins
Security Bulletin: IBM WebSphere Application Server shipped with Jazz for Service Management (JazzSM) is affected by SMTP injection due to Jakarta Mail
7 Nov 202511:01
–ibm
IBM Security Bulletins
Security Bulletin: Multiple Security Vulnerabilities were identified in IBM Security Verify Access.
9 Jan 202420:27
–ibm
IBM Security Bulletins
Security Bulletin: IBM Cloud Pak for Multicloud Management Monitoring is potentially vulnerable to execution of arbitrary code due to its use of Apache Log4j (CVE-2022-23302)
21 Jul 202212:29
–ibm
Rows per page
#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
##

include('compat.inc');

if (description)
{
  script_id(309922);
  script_version("1.1");
  script_set_attribute(attribute:"plugin_modification_date", value:"2026/04/23");

  script_cve_id(
    "CVE-2022-23302",
    "CVE-2022-23305",
    "CVE-2022-23307",
    "CVE-2022-45688",
    "CVE-2023-26464",
    "CVE-2025-7962"
  );

  script_name(english:"Oracle Siebel Server <= 25.11 (April 2026 CPU)");

  script_set_attribute(attribute:"synopsis", value:
"The remote host is affected by multiple vulnerabilities");
  script_set_attribute(attribute:"description", value:
"The versions of Oracle Siebel CRM installed on the remote host are affected by multiple vulnerabilities as referenced in
the April 2026 CPU advisory.

  - Vulnerability in the Siebel CRM Deployment product of Oracle Siebel CRM (component: Server Infrastructure
    (Apache Log4j)). Supported versions that are affected are 17.0-25.11. Easily exploitable vulnerability
    allows unauthenticated attacker with network access via TLS to compromise Siebel CRM Deployment.
    Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently
    repeatable crash (complete DOS) of Siebel CRM Deployment. (CVE-2022-23302, CVE-2022-23305, CVE-2022-23307,
    CVE-2023-26464)

  - Vulnerability in the Siebel CRM End User product of Oracle Siebel CRM (component: Communications
    Panel/Dashboard (Jakarta Mail)). Supported versions that are affected are 17.0-25.11. Easily exploitable
    vulnerability allows unauthenticated attacker with network access via SMTP to compromise Siebel CRM End
    User. Successful attacks of this vulnerability can result in unauthorized creation, deletion or
    modification access to critical data or all Siebel CRM End User accessible data. (CVE-2025-7962)

  - Vulnerability in the Siebel CRM Administration product of Oracle Siebel CRM (component: Data Archival
    (Quartz)). Supported versions that are affected are 17.0-25.11. Easily exploitable vulnerability allows
    unauthenticated attacker with network access via HTTP to compromise Siebel CRM Administration. Successful
    attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable
    crash (complete DOS) of Siebel CRM Administration. (CVE-2022-45688)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version
number.");
  script_set_attribute(attribute:"see_also", value:"https://www.oracle.com/docs/tech/security-alerts/cpuapr2026csaf.json");
  script_set_attribute(attribute:"see_also", value:"https://www.oracle.com/security-alerts/cpuapr2026.html");
  script_set_attribute(attribute:"solution", value:
"Apply the appropriate patch according to the April 2026 Oracle Critical Patch Update advisory.");
  script_set_attribute(attribute:"agent", value:"all");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:S/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
  script_set_attribute(attribute:"cvss4_vector", value:"CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:L/SA:N");
  script_set_attribute(attribute:"cvss4_threat_vector", value:"CVSS:4.0/E:P");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2022-23307");
  script_set_attribute(attribute:"cvss3_score_source", value:"CVE-2022-23305");
  script_set_attribute(attribute:"cvss4_score_source", value:"CVE-2025-7962");

  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");

  script_set_attribute(attribute:"vuln_publication_date", value:"2026/04/21");
  script_set_attribute(attribute:"patch_publication_date", value:"2026/04/21");
  script_set_attribute(attribute:"plugin_publication_date", value:"2026/04/23");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:oracle:siebel_crm");
  script_set_attribute(attribute:"thorough_tests", value:"true");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Misc.");

  script_copyright(english:"This script is Copyright (C) 2026 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("oracle_siebel_server_installed.nbin");
  script_require_keys("installed_sw/Oracle Siebel Server");

  exit(0);
}

include('vdf.inc');

# @tvdl-content
var vuln_data = {
  'metadata': {'spec_version': '1.0'},
  'checks': [
    {
      'product': {'name': 'Oracle Siebel Server', 'type': 'app'},
      'check_algorithm': 'default',
      'constraints': [
        {'min_version': '17.0', 'max_version': '25.11', 'fixed_version': '26.3'}
      ]
    }
  ]
};

var result = vdf::check_and_report(vuln_data:vuln_data, severity:SECURITY_HOLE);
vdf::handle_check_and_report_errors(vdf_result:result);

Data

Build on a solid foundation withĀ Vulners data

WeĀ provide theĀ essential building blocks forĀ cybersecurity solutions withĀ comprehensive, structured, andĀ constantly updated vulnerability andĀ exploits data

Api

Power your application withĀ Vulners API

The Vulners REST API offers reliable, high-performance access toĀ vulnerabilityĀ intelligence, withĀ 99.9%Ā SLAĀ uptime andĀ CDN-backed data delivery forĀ seamlessĀ global access

App

Assess and manage vulnerabilities withĀ VulnersĀ tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

23 Apr 2026 00:00Current
6.7Medium risk
Vulners AI Score6.7
CVSS 29
CVSS 3.19.8
CVSS 46
EPSS0.66537
SSVC
18