Impact
A flaw in the client bundle of Oracle WebCenter Enterprise Capture allows a low‑privilege attacker with network access via the T3 or IIOP protocols to take full control of the application. The vulnerability, rooted in an access‑control weakness (CWE‑284), can compromise confidentiality, integrity, and availability, and the attacker can leverage the change in scope to affect other products that use the same component.
Affected Systems
The affected component is Oracle WebCenter Enterprise Capture version 12.2.1.4.0 and 14.1.2.0.0. No other product versions are listed as impacted, but the description notes that related items may also be affected due to the scope change.
Risk and Exploitability
The CVSS 3.1 base score of 9.9 indicates critical severity, while an EPSS score of less than 1% suggests a low probability of exploitation. The vulnerability is not in the CISA KEV catalog. Attackers need only low‑privilege credentials and networking access over T3 or IIOP, indicating a realistic path to compromise.
OpenCVE Enrichment