Impact
A privileged escalation flaw in Oracle WebCenter Sites allows an attacker with network access via HTTP to run arbitrary code and fully compromise the system. The vulnerability can lead to complete loss of confidentiality, integrity, and availability of the application. The impact can affect any user with low privileges on the network capable of contacting the vulnerable instance.
Affected Systems
Oracle WebCenter Sites version 12.2.1.4.0 and version 14.1.2.0.0 are impacted. These releases are part of Oracle Fusion Middleware and are deployed in enterprise web portals.
Risk and Exploitability
The CVSS base score of 8.8 indicates high severity. The EPSS score is below 1 %, suggesting that exploitation is presently unlikely. The vulnerability is not currently listed in the CISA KEV catalog. Exploitation is inferred to be possible via standard HTTP traffic to the application, and requires only low privileges; an attacker could leverage known HTTP endpoints or misconfigurations to trigger the flaw.
OpenCVE Enrichment