The versions of Oracle Siebel CRM installed on the remote host are affected by multiple vulnerabilities as referenced in the July 2025 CPU advisory.

  - Vulnerability in the Siebel CRM Deployment product of Oracle Siebel CRM (component: Application Interface     (Apache Tomcat)).  Supported versions that are affected are 25.0-25.5. Difficult to exploit vulnerability     allows unauthenticated attacker with network access via HTTP to compromise Siebel CRM Deployment.
    Successful attacks of this vulnerability can result in takeover of Siebel CRM Deployment. (CVE-2025-24813)

  - Vulnerability in the Siebel CRM Integration product of Oracle Siebel CRM (component: EAI (JDOM)).
    Supported versions that are affected are 25.0-25.5. Easily exploitable vulnerability allows unauthenticated     attacker with network access via HTTP to compromise Siebel CRM Integration.  Successful attacks of this     vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete     DOS) of Siebel CRM Integration. (CVE-2021-33813)

  - Vulnerability in the Siebel CRM Integration product of Oracle Siebel CRM (component: Event Publish and     Subscribe (Apache Kafka)).  Supported versions that are affected are 25.0-25.5. Difficult to exploit     vulnerability allows unauthenticated attacker with network access via HTTP to compromise Siebel CRM     Integration.  Successful attacks of this vulnerability can result in  unauthorized creation, deletion or     modification access to critical data or all Siebel CRM Integration accessible data as well as  unauthorized     access to critical data or complete access to all Siebel CRM Integration accessible data. (CVE-2024-27309)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Detections

Analytics

Oracle Siebel CRM 25.x < 25.6 (July 2025 CPU)

critical Nessus Plugin ID 242243

Version 1.2