Description
Vulnerability in the Oracle WebCenter Content product of Oracle Fusion Middleware (component: Content Server). Supported versions that are affected are 12.2.1.4.0 and 14.1.2.0.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle WebCenter Content. Successful attacks of this vulnerability can result in takeover of Oracle WebCenter Content. CVSS 3.1 Base Score 8.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H).
Published: 2026-06-16
Score: 8.8 High
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

A vulnerability in Oracle WebCenter Content’s Content Server component permits a low‑privileged attacker who can reach the system over HTTP to compromise the entire application. Successful exploitation can lead to full takeover of the WebCenter Content instance, exposing confidential data, allowing modification of content and configuration, and potentially enabling further lateral movement. The flaw is an example of improper access control and the CVSS v3.1 score of 8.8 indicates high impact on confidentiality, integrity, and availability.

Affected Systems

Oracle WebCenter Content 12.2.1.4.0 and 14.1.2.0.0 are affected. No other versions were listed in the advisory.

Risk and Exploitability

The vulnerability is exploitable over the network with low attacker privileges and no user interaction; the EPSS score is less than 1%, indicating a low likelihood of widespread exploitation at the present time. It is not currently listed in the CISA Known Exploited Vulnerabilities catalog, but the high CVSS score warrants immediate attention. Attackers could use the exposed HTTP interface to send crafted requests that trigger the flaw and achieve a full remote takeover of the WebCenter Content instance.

Generated by OpenCVE AI on June 17, 2026 at 20:19 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Check Oracle’s security alerts and apply the latest patch or upgrade to a non‑affected version of WebCenter Content.
  • Restrict network access to the WebCenter Content HTTP endpoint, limiting it to trusted hosts or VPN ranges.
  • Configure strict role‑based access controls and ensure that no default or overly privileged accounts are exposed over the network.



Advisories

No advisories yet.

History

Tue, 16 Jun 2026 20:45:00 +0000

| Type | Values Removed | Values Added |
| --- | --- | --- |
| Description | | Vulnerability in the Oracle WebCenter Content product of Oracle Fusion Middleware (component: Content Server). Supported versions that are affected are 12.2.1.4.0 and 14.1.2.0.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle WebCenter Content. Successful attacks of this vulnerability can result in takeover of Oracle WebCenter Content. CVSS 3.1 Base Score 8.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H). |
| First Time appeared | | Oracle, Oracle webcenter Content |
| CPEs | | cpe:2.3:a:oracle:webcenter_content:12.2.1.4.0:*:*:*:*:*:*:*, cpe:2.3:a:oracle:webcenter_content:14.1.2.0.0:*:*:*:*:*:*:* |
| Vendors & Products | | Oracle, Oracle webcenter Content |
| References | | |
| Metrics | | cvssV3_1: {'score': 8.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H'} |


MITRE

Status: PUBLISHED

Assigner: oracle

Published:

Updated: 2026-06-17T15:37:09.173Z

Reserved: 2026-04-01T20:03:40.837Z

Link: CVE-2026-35317

Vulnrichment

No data.

NVD

No data.

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-06-16T23:00:05Z

Weaknesses

No weakness.