Impact
The vulnerability exists in Oracle WebCenter Content’s Content Server component and allows an attacker with network access via HTTP to obtain high‑privilege rights and ultimately take full control of the server. Because the flaw affects privileges directly (CWE‑284), successful exploitation results in full confidentiality, integrity, and availability compromise, enabling an attacker to read, modify, delete content, install backdoors, and pivot to other connected systems.
Affected Systems
Oracle WebCenter Content versions 12.2.1.4.0 and 14.1.2.0.0 are affected. The vulnerability can also impact additional products that interact with WebCenter Content due to the scope change, meaning that a single compromise could spread to other components within the same Oracle Fusion Middleware stack.
Risk and Exploitability
The CVSS 3.1 base score of 9.1 indicates critical severity, while the EPSS score of <1 % suggests a low overall exploitation probability at present. The flaw is not listed in the CISA KEV catalog. The likely attack vector is over HTTP from an external network and requires an attacker with a high‑privilege state; successful exploitation leads to a full takeover of the Content Server and potentially further intrusion across connected systems.
OpenCVE Enrichment