Impact
The vulnerability resides in the Client Bundle component of Oracle WebCenter Enterprise Capture. It allows an attacker with low‑level network access to compromise the application. Successful exploitation can lead to complete takeover, affecting confidentiality, integrity and availability of the system.
Affected Systems
Oracle WebCenter Enterprise Capture versions 12.2.1.4.0 and 14.1.2.0.0 are affected. Although the flaw is in this product, the scope changes stated in the description indicate that attacks may also impact other Oracle Fusion Middleware components.
Risk and Exploitability
The CVSS v3.1 score of 9.9 signifies a critical vulnerability that can be exploited over the network via the T3 and IIOP protocols. The EPSS of less than 1% suggests that recorded exploits are rare, yet the high severity warrants proactive action. The vulnerability is not currently listed in the CISA KEV catalog. The attack requires only a low‑privileged network connection and can be conducted by remote actors, making it a realistic threat.
OpenCVE Enrichment