This vulnerability in Oracle Siebel Apps - Marketing (component: Marketing) is easily exploitable remotely without authentication via HTTP. It affects version 17.0 and has a CVSS 3.1 base score of 9.8, indicating critical impact on confidentiality, integrity, and availability. Successful exploitation results in full takeover of the affected Siebel Apps - Marketing instance. Oracle's June 2026 Critical Security Patch Update advisory references this vulnerability and strongly urges customers to apply patches promptly to mitigate the risk. The advisory does not specify the exact patch version or remediation level for this CVE, but emphasizes the importance of applying the Critical Security Patch Update.

The vulnerability allows unauthenticated remote attackers to fully compromise Oracle Siebel Apps - Marketing, resulting in complete loss of confidentiality, integrity, and availability of the application. This can lead to full takeover of the affected system, posing severe risks to business operations and data security.

Oracle strongly recommends applying the June 2026 Critical Security Patch Update immediately to address this vulnerability. Until patches are applied, risk may be reduced by blocking network protocols required for exploitation. Removing unnecessary privileges or access to vulnerable packages for users may also help mitigate risk, though these measures may impact application functionality. Patch status is not explicitly confirmed in the advisory; customers should consult the Oracle Critical Security Patch Update documentation for detailed patch availability and installation instructions.