Lucene search
K

Oracle Siebel Server <= 26.5 (June 2026 CSPU)

🗓️ 25 Jun 2026 00:00:00Reported by TenableType 
nessus
 nessus
🔗 www.tenable.com👁 12 Views

Oracle Siebel CRM 17.0–26.5 has vulnerabilities that can allow takeover.

Related
Refs
Code
ReporterTitlePublishedViews
Family
ATTACKERKB
CVE-2026-46885
16 Jun 202619:27
attackerkb
ATTACKERKB
CVE-2026-46888
16 Jun 202619:27
attackerkb
BDU FSTEC
The vulnerability of the EAI component in the Oracle Siebel CRM system, which manages relationships with customers, allows a hacker to gain full access to the system.
24 Jun 202600:00
bdu_fstec
Circl
CVE-2026-46884
17 Jun 202605:31
circl
Circl
CVE-2026-46885
17 Jun 202605:31
circl
Circl
CVE-2026-46886
17 Jun 202605:31
circl
Circl
CVE-2026-46887
17 Jun 202605:31
circl
Circl
CVE-2026-46888
17 Jun 202605:31
circl
Circl
CVE-2026-46889
17 Jun 202605:31
circl
Circl
CVE-2026-46890
17 Jun 202605:31
circl
Rows per page
#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
##

include('compat.inc');

if (description)
{
  script_id(322796);
  script_version("1.2");
  script_set_attribute(attribute:"plugin_modification_date", value:"2026/06/26");

  script_cve_id(
    "CVE-2026-46884",
    "CVE-2026-46885",
    "CVE-2026-46886",
    "CVE-2026-46887",
    "CVE-2026-46888",
    "CVE-2026-46889",
    "CVE-2026-46890",
    "CVE-2026-46919",
    "CVE-2026-46920",
    "CVE-2026-46921",
    "CVE-2026-46925",
    "CVE-2026-46926"
  );

  script_name(english:"Oracle Siebel Server <= 26.5 (June 2026 CSPU)");

  script_set_attribute(attribute:"synopsis", value:
"The remote host is affected by multiple vulnerabilities");
  script_set_attribute(attribute:"description", value:
"The versions of Oracle Siebel CRM installed on the remote host are affected by multiple vulnerabilities as referenced in
the June 2026 CSPU advisory.

  - Vulnerability in the Siebel Apps - Marketing product of Oracle Siebel CRM (component: Marketing).
    Supported versions that are affected are 17.0-26.5. Easily exploitable vulnerability allows
    unauthenticated attacker with network access via HTTP to compromise Siebel Apps - Marketing. Successful
    attacks of this vulnerability can result in takeover of Siebel Apps - Marketing. (CVE-2026-46884,
    CVE-2026-46886, CVE-2026-46887, CVE-2026-46889, CVE-2026-46890)

  - Vulnerability in the Siebel CRM Cloud Applications product of Oracle Siebel CRM (component: Siebel Cloud
    Manager). Supported versions that are affected are 17.0-26.5. Easily exploitable vulnerability allows
    unauthenticated attacker with network access via HTTP to compromise Siebel CRM Cloud Applications.
    Successful attacks of this vulnerability can result in takeover of Siebel CRM Cloud Applications.
    (CVE-2026-46919, CVE-2026-46920, CVE-2026-46921, CVE-2026-46925, CVE-2026-46926)

  - Vulnerability in the Siebel CRM Integration product of Oracle Siebel CRM (component: EAI). Supported
    versions that are affected are 17.0-26.5. Easily exploitable vulnerability allows low privileged attacker
    with network access via HTTP to compromise Siebel CRM Integration. Successful attacks of this
    vulnerability can result in takeover of Siebel CRM Integration. (CVE-2026-46885)

  - Vulnerability in the Siebel CRM Deployment product of Oracle Siebel CRM (component: Database Upgrade).
    Supported versions that are affected are 17.0-26.5. Easily exploitable vulnerability allows low privileged
    attacker with logon to the infrastructure where Siebel CRM Deployment executes to compromise Siebel CRM
    Deployment. Successful attacks of this vulnerability can result in takeover of Siebel CRM Deployment.
    (CVE-2026-46888)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version
number.");
  script_set_attribute(attribute:"see_also", value:"https://www.oracle.com/docs/tech/security-alerts/cspujun2026csaf.json");
  script_set_attribute(attribute:"see_also", value:"https://www.oracle.com/security-alerts/cspujun2026.html");
  script_set_attribute(attribute:"solution", value:
"Apply the appropriate patch according to the June 2026 Oracle Critical Security Patch Update advisory.");
  script_set_attribute(attribute:"agent", value:"all");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2026-46884");
  script_set_attribute(attribute:"cvss3_score_source", value:"CVE-2026-46919");

  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");

  script_set_attribute(attribute:"vuln_publication_date", value:"2026/06/16");
  script_set_attribute(attribute:"patch_publication_date", value:"2026/06/16");
  script_set_attribute(attribute:"plugin_publication_date", value:"2026/06/25");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:oracle:siebel_crm");
  script_set_attribute(attribute:"thorough_tests", value:"true");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Misc.");

  script_copyright(english:"This script is Copyright (C) 2026 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("oracle_siebel_server_installed.nbin");
  script_require_keys("installed_sw/Oracle Siebel Server");

  exit(0);
}

include('vdf.inc');

# @tvdl-content
var vuln_data = {
  'metadata': {'spec_version': '1.0'},
  'checks': [
    {
      'product': {'name': 'Oracle Siebel Server', 'type': 'app'},
      'check_algorithm': 'default',
      'constraints': [
        {'min_version': '17.0', 'max_version': '26.5', 'fixed_version': '26.6', 'fixed_display': 'Patch pending, see vendor advisory'}
      ]
    }
  ]
};

var result = vdf::check_and_report(vuln_data:vuln_data, severity:SECURITY_HOLE);
vdf::handle_check_and_report_errors(vdf_result:result);

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

26 Jun 2026 00:00Current
5.9Medium risk
Vulners AI Score5.9
CVSS 3.19.8
EPSS0.00483
SSVC
12