Impact
Oracle WebCenter Content versions 12.2.1.4.0 and 14.1.2.0.0 contain a vulnerability that allows an unauthenticated attacker with network access via HTTP to compromise the application. The vulnerability can lead to a full takeover of the system, compromising confidentiality, integrity, and availability. The weakness can be characterized as an improper access control flaw that permits execution of malicious code without authentication.
Affected Systems
Oracle WebCenter Content 12.2.1.4.0 and 14.1.2.0.0, components of Oracle Fusion Middleware used for enterprise content management.
Risk and Exploitability
The CVSS 3.1 base score of 9.8 indicates the vulnerability is critical. The EPSS score of <1% reflects a low expressed probability of exploitation at the time of analysis. The vulnerability is not listed in the CISA KEV catalog. Because the flaw is exploitable via plain HTTP requests without credentials or user interaction, the potential for abuse remains significant, especially when exposed to the Internet.
OpenCVE Enrichment