| Reporter | Title | Published | Views | Family All 87 |
|---|---|---|---|---|
| CVE-2026-46885 | 16 Jun 202619:27 | – | attackerkb | |
| CVE-2026-46888 | 16 Jun 202619:27 | – | attackerkb | |
| The vulnerability of the EAI component in the Oracle Siebel CRM system, which manages relationships with customers, allows a hacker to gain full access to the system. | 24 Jun 202600:00 | – | bdu_fstec | |
| CVE-2026-46884 | 17 Jun 202605:31 | – | circl | |
| CVE-2026-46885 | 17 Jun 202605:31 | – | circl | |
| CVE-2026-46886 | 17 Jun 202605:31 | – | circl | |
| CVE-2026-46887 | 17 Jun 202605:31 | – | circl | |
| CVE-2026-46888 | 17 Jun 202605:31 | – | circl | |
| CVE-2026-46889 | 17 Jun 202605:31 | – | circl | |
| CVE-2026-46890 | 17 Jun 202605:31 | – | circl |
#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
##
include('compat.inc');
if (description)
{
script_id(322796);
script_version("1.2");
script_set_attribute(attribute:"plugin_modification_date", value:"2026/06/26");
script_cve_id(
"CVE-2026-46884",
"CVE-2026-46885",
"CVE-2026-46886",
"CVE-2026-46887",
"CVE-2026-46888",
"CVE-2026-46889",
"CVE-2026-46890",
"CVE-2026-46919",
"CVE-2026-46920",
"CVE-2026-46921",
"CVE-2026-46925",
"CVE-2026-46926"
);
script_name(english:"Oracle Siebel Server <= 26.5 (June 2026 CSPU)");
script_set_attribute(attribute:"synopsis", value:
"The remote host is affected by multiple vulnerabilities");
script_set_attribute(attribute:"description", value:
"The versions of Oracle Siebel CRM installed on the remote host are affected by multiple vulnerabilities as referenced in
the June 2026 CSPU advisory.
- Vulnerability in the Siebel Apps - Marketing product of Oracle Siebel CRM (component: Marketing).
Supported versions that are affected are 17.0-26.5. Easily exploitable vulnerability allows
unauthenticated attacker with network access via HTTP to compromise Siebel Apps - Marketing. Successful
attacks of this vulnerability can result in takeover of Siebel Apps - Marketing. (CVE-2026-46884,
CVE-2026-46886, CVE-2026-46887, CVE-2026-46889, CVE-2026-46890)
- Vulnerability in the Siebel CRM Cloud Applications product of Oracle Siebel CRM (component: Siebel Cloud
Manager). Supported versions that are affected are 17.0-26.5. Easily exploitable vulnerability allows
unauthenticated attacker with network access via HTTP to compromise Siebel CRM Cloud Applications.
Successful attacks of this vulnerability can result in takeover of Siebel CRM Cloud Applications.
(CVE-2026-46919, CVE-2026-46920, CVE-2026-46921, CVE-2026-46925, CVE-2026-46926)
- Vulnerability in the Siebel CRM Integration product of Oracle Siebel CRM (component: EAI). Supported
versions that are affected are 17.0-26.5. Easily exploitable vulnerability allows low privileged attacker
with network access via HTTP to compromise Siebel CRM Integration. Successful attacks of this
vulnerability can result in takeover of Siebel CRM Integration. (CVE-2026-46885)
- Vulnerability in the Siebel CRM Deployment product of Oracle Siebel CRM (component: Database Upgrade).
Supported versions that are affected are 17.0-26.5. Easily exploitable vulnerability allows low privileged
attacker with logon to the infrastructure where Siebel CRM Deployment executes to compromise Siebel CRM
Deployment. Successful attacks of this vulnerability can result in takeover of Siebel CRM Deployment.
(CVE-2026-46888)
Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version
number.");
script_set_attribute(attribute:"see_also", value:"https://www.oracle.com/docs/tech/security-alerts/cspujun2026csaf.json");
script_set_attribute(attribute:"see_also", value:"https://www.oracle.com/security-alerts/cspujun2026.html");
script_set_attribute(attribute:"solution", value:
"Apply the appropriate patch according to the June 2026 Oracle Critical Security Patch Update advisory.");
script_set_attribute(attribute:"agent", value:"all");
script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2026-46884");
script_set_attribute(attribute:"cvss3_score_source", value:"CVE-2026-46919");
script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
script_set_attribute(attribute:"exploit_available", value:"false");
script_set_attribute(attribute:"vuln_publication_date", value:"2026/06/16");
script_set_attribute(attribute:"patch_publication_date", value:"2026/06/16");
script_set_attribute(attribute:"plugin_publication_date", value:"2026/06/25");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"cpe:/a:oracle:siebel_crm");
script_set_attribute(attribute:"thorough_tests", value:"true");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"Misc.");
script_copyright(english:"This script is Copyright (C) 2026 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("oracle_siebel_server_installed.nbin");
script_require_keys("installed_sw/Oracle Siebel Server");
exit(0);
}
include('vdf.inc');
# @tvdl-content
var vuln_data = {
'metadata': {'spec_version': '1.0'},
'checks': [
{
'product': {'name': 'Oracle Siebel Server', 'type': 'app'},
'check_algorithm': 'default',
'constraints': [
{'min_version': '17.0', 'max_version': '26.5', 'fixed_version': '26.6', 'fixed_display': 'Patch pending, see vendor advisory'}
]
}
]
};
var result = vdf::check_and_report(vuln_data:vuln_data, severity:SECURITY_HOLE);
vdf::handle_check_and_report_errors(vdf_result:result);
Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation