Description
Vulnerability in the Oracle WebCenter Content product of Oracle Fusion Middleware (component: Content Server). Supported versions that are affected are 12.2.1.4.0 and 14.1.2.0.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle WebCenter Content. While the vulnerability is in Oracle WebCenter Content, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in takeover of Oracle WebCenter Content. CVSS 3.1 Base Score 9.9 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H).
Published: 2026-06-16
Score: 9.9 Critical
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The vulnerability in Oracle WebCenter Content allows a low privileged attacker with network access via HTTP to compromise the system. The flaw is easily exploitable and can lead to full takeover of the Content Server, affecting confidentiality, integrity, and availability. It is a critical-severity issue with a CVSS 3.1 Base Score of 9.9.

Affected Systems

Oracle WebCenter Content versions 12.2.1.4.0 and 14.1.2.0.0, part of Oracle Fusion Middleware, are affected. Because of the scope change, attacks may also impact additional products in the stack.

Risk and Exploitability

Although the EPSS exploitation probability is low (< 1%), the CVSS score indicates a critical threat. The vulnerability can be exploited over the network through HTTP without user interaction and requires only low privileged credentials. It is not listed in the CISA KEV catalog, but the severity warrants immediate attention.

Generated by OpenCVE AI on June 17, 2026 at 19:21 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the latest Oracle WebCenter Content patch that addresses this issue, available from Oracle’s security releases.
  • Restrict HTTP access to the WebCenter Content server by limiting inbound traffic to trusted subnets and requiring strong authentication before any request is processed.
  • Implement a reduced permission model and security monitoring to detect and block anomalous requests; conduct regular vulnerability scans and verify patch deployment.


Advisories

No advisories yet.

History

Tue, 16 Jun 2026 20:45:00 +0000

| Type | Values Removed | Values Added |
|---|---|---|
| Description | | Vulnerability in the Oracle WebCenter Content product of Oracle Fusion Middleware (component: Content Server). Supported versions that are affected are 12.2.1.4.0 and 14.1.2.0.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle WebCenter Content. While the vulnerability is in Oracle WebCenter Content, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in takeover of Oracle WebCenter Content. CVSS 3.1 Base Score 9.9 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H). |
| First Time appeared | | Oracle; Oracle webcenter Content |
| CPEs | | cpe:2.3:a:oracle:webcenter_content:12.2.1.4.0:*:*:*:*:*:*:*; cpe:2.3:a:oracle:webcenter_content:14.1.2.0.0:*:*:*:*:*:*:* |
| Vendors & Products | | Oracle; Oracle webcenter Content |
| References | | |
| Metrics | | cvssV3_1: {'score': 9.9, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H'} |


MITRE

Status: PUBLISHED

Assigner: oracle

Published:

Updated: 2026-06-17T15:37:17.837Z

Reserved: 2026-04-01T20:03:40.837Z

Link: CVE-2026-35316

Vulnrichment

No data.

NVD

No data.

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-06-17T01:30:04Z

Weaknesses

No weakness.