This vulnerability in Oracle Siebel CRM Integration (version 17.0) permits a low privileged attacker with network access over HTTP to compromise the system, potentially resulting in complete takeover. The CVSS 3.1 vector (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H) indicates network attack vector, low attack complexity, required privileges, no user interaction, unchanged scope, and high impact on confidentiality, integrity, and availability. Oracle’s June 2026 Critical Security Patch Update advisory references this vulnerability among 245 fixes and strongly urges customers to apply patches without delay to mitigate exploitation risks.

If exploited, this vulnerability allows an attacker with low privileges and network access via HTTP to fully compromise Oracle Siebel CRM Integration, resulting in complete loss of confidentiality, integrity, and availability of the affected component. This could lead to unauthorized data access, data manipulation, and service disruption.

Oracle’s advisory strongly recommends applying the June 2026 Critical Security Patch Update, which includes patches addressing this vulnerability. Until patches are applied, risk may be reduced by blocking network protocols required for exploitation and by removing unnecessary privileges from users. Oracle emphasizes applying patches promptly to prevent exploitation. Patch status is not explicitly confirmed in the advisory text provided; therefore, customers should consult the Oracle advisory at https://www.oracle.com/security-alerts/cspujun2026.html for current patch availability and detailed remediation instructions.