Impact
The flaw is located in the client bundle of Oracle WebCenter Enterprise Capture. An attacker with only low privileges who can reach the system over the network using the T3 or IIOP protocols can exploit the vulnerability to take full control of the capture service. Successful exploitation leads to complete compromise of the application, affecting confidentiality, integrity and availability.
Affected Systems
Oracle WebCenter Enterprise Capture versions 12.2.1.4.0 and 14.1.2.0.0 are affected. The description indicates that the attack may influence other related Oracle Fusion Middleware products because the privilege scope can expand during exploitation.
Risk and Exploitability
The CVSS 3.1 base score of 9.9 classifies this as a critical vulnerability. Although the EPSS score is less than 1%, indicating a current low likelihood of exploitation, the high impact warrants immediate mitigation. The vulnerability is not listed in CISA’s KEV catalog. Attack vectors are likely the T3 or IIOP network interfaces, and the low attack complexity allows an attacker with minimal privileges to carry out the attack.
OpenCVE Enrichment