Impact
The vulnerability resides in the Client Bundle component of Oracle WebCenter Enterprise Capture and can be exploited by a low‑privileged attacker who has network connectivity to the T3 or IIOP interfaces. Attackers can manipulate requests to gain full control over the application, leading to a complete takeover. Successful exploitation results in full loss of confidentiality, integrity, and availability for the affected Oracle WebCenter Enterprise Capture environment.
Affected Systems
Affected releases include Oracle WebCenter Enterprise Capture 12.2.1.4.0 and 14.1.2.0.0. The impact extends beyond the capture product; because the flaw modifies access control, other components of Oracle Fusion Middleware that interact with the capture service may also be compromised.
Risk and Exploitability
The CVSS 3.1 score of 9.9 places this flaw in the critical range. The EPSS score of <1% indicates a very low likelihood of exploitation in the wild, yet the absence of a KEV listing does not diminish the risk for organizations still running unpatched versions. Attackers could achieve remote takeover with minimal effort, and the scope change means that compromise of WebCenter could cascade to other Fusion Middleware products. Organizations should treat this as a high-priority patching event.
OpenCVE Enrichment