This vulnerability in Oracle Siebel CRM Cloud Applications (component: Siebel Cloud Manager) affects version 17.0 and allows an unauthenticated attacker with network access over HTTP to compromise the application fully. The CVSS 3.1 score of 9.8 reflects critical impact on confidentiality, integrity, and availability. The vulnerability is easily exploitable without authentication or user interaction. Oracle's June 2026 Critical Security Patch Update advisory addresses this and numerous other vulnerabilities, recommending customers apply patches promptly. While no specific patch version is detailed in the provided data, Oracle's advisory strongly encourages applying the update to mitigate the risk. Temporary mitigations include blocking network protocols used by the attack or restricting privileges, though these may disrupt normal operations.

Successful exploitation can lead to complete takeover of Siebel CRM Cloud Applications, impacting confidentiality, integrity, and availability of the system. The vulnerability is remotely exploitable without authentication, making it highly critical. There are no known exploits in the wild at the time of this report.

Oracle strongly recommends applying the June 2026 Critical Security Patch Update immediately to address this vulnerability. Since the product is not a cloud service, patching must be performed by customers. Until patches are applied, risk may be reduced by blocking network protocols required for exploitation or removing unnecessary privileges from users, though these measures may affect application functionality. Patch status is not explicitly confirmed in the advisory text provided; customers should consult the Oracle advisory at https://www.oracle.com/security-alerts/cspujun2026.html for the latest patch availability and installation instructions.