Impact
The vulnerability is a missing authentication flaw in Oracle WebCenter Sites that permits an unauthenticated attacker to send crafted HTTP requests and thereby compromise the application. This results in full control of the site, leading to loss of confidentiality, integrity and availability. The weakness is identified as CWE‑306.
Affected Systems
Oracle WebCenter Sites from Oracle Corporation, version 12.2.1.4.0 and 14.1.2.0.0, are affected. Any installation of these releases that has not applied the vendor security patch or upgraded contains the vulnerability.
Risk and Exploitability
The CVSS 3.1 base score of 9.8 indicates a critical severity. The EPSS score is under 1 %, indicating a low current exploitation probability, and the vulnerability has not appeared in the CISA KEV catalog. An attacker does not need any credentials; simply sending crafted HTTP requests from the network is sufficient to achieve takeover. The lack of a pre‑authentication barrier coupled with the high impact makes timely patching essential.
OpenCVE Enrichment