Description
Vulnerability in the Oracle WebCenter Enterprise Capture product of Oracle Fusion Middleware (component: Client Bundle). Supported versions that are affected are 12.2.1.4.0 and 14.1.2.0.0. Easily exploitable vulnerability allows low privileged attacker with network access via T3, IIOP to compromise Oracle WebCenter Enterprise Capture. While the vulnerability is in Oracle WebCenter Enterprise Capture, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in takeover of Oracle WebCenter Enterprise Capture. CVSS 3.1 Base Score 9.9 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H).
Published: 2026-06-16
Score: 9.9 Critical
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The flaw is located in the client bundle of Oracle WebCenter Enterprise Capture. An attacker with only low privileges who can reach the system over the network using the T3 or IIOP protocols can exploit the vulnerability to take full control of the capture service. Successful exploitation leads to complete compromise of the application, affecting confidentiality, integrity and availability.

Affected Systems

Oracle WebCenter Enterprise Capture versions 12.2.1.4.0 and 14.1.2.0.0 are affected. The description indicates that the attack may influence other related Oracle Fusion Middleware products because the privilege scope can expand during exploitation.

Risk and Exploitability

The CVSS 3.1 base score of 9.9 classifies this as a critical vulnerability. Although the EPSS score is less than 1%, indicating a current low likelihood of exploitation, the high impact warrants immediate mitigation. The vulnerability is not listed in CISA’s KEV catalog. Attack vectors are likely the T3 or IIOP network interfaces, and the low attack complexity allows an attacker with minimal privileges to carry out the attack.

Generated by OpenCVE AI on June 18, 2026 at 00:11 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Disable or uninstall the WebCenter Enterprise Capture component if it is not required in your environment.
  • Restrict network access to the T3 and IIOP ports by configuring firewall or network segmentation so that only trusted hosts can communicate with the capture service.
  • Enforce stringent authentication and access controls on the capture service, and monitor logs for anomalous activity targeting the WebCenter Enterprise Capture components.

Generated by OpenCVE AI on June 18, 2026 at 00:11 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Thu, 18 Jun 2026 04:45:00 +0000

Type Values Removed Values Added
Title Oracle WebCenter Enterprise Capture Remote Code Execution via Low Privilege T3/IIOP Access
Weaknesses CWE-284
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Tue, 16 Jun 2026 20:45:00 +0000

Type Values Removed Values Added
Description Vulnerability in the Oracle WebCenter Enterprise Capture product of Oracle Fusion Middleware (component: Client Bundle). Supported versions that are affected are 12.2.1.4.0 and 14.1.2.0.0. Easily exploitable vulnerability allows low privileged attacker with network access via T3, IIOP to compromise Oracle WebCenter Enterprise Capture. While the vulnerability is in Oracle WebCenter Enterprise Capture, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in takeover of Oracle WebCenter Enterprise Capture. CVSS 3.1 Base Score 9.9 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H).
First Time appeared Oracle
Oracle webcenter Enterprise Capture
CPEs cpe:2.3:a:oracle:webcenter_enterprise_capture:12.2.1.4.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:webcenter_enterprise_capture:14.1.2.0.0:*:*:*:*:*:*:*
Vendors & Products Oracle
Oracle webcenter Enterprise Capture
References
Metrics cvssV3_1

{'score': 9.9, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H'}


Subscriptions

Oracle Webcenter Enterprise Capture
cve-icon MITRE

Status: PUBLISHED

Assigner: oracle

Published:

Updated: 2026-06-17T13:41:53.494Z

Reserved: 2026-04-01T20:03:40.836Z

Link: CVE-2026-35283

cve-icon Vulnrichment

Updated: 2026-06-17T13:41:34.281Z

cve-icon NVD

No data.

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-06-23T21:04:57Z

Weaknesses