Impact
Oracle WebCenter Content, specifically its Content Server component, has a vulnerability that permits an unauthenticated attacker with network access via HTTP to execute arbitrary code. The flaw is difficult to exploit, but when exploitation succeeds it results in a full takeover of the WebCenter Content instance, compromising the confidentiality, integrity, and availability of the application. The impact is a complete loss of control over the affected server.
Affected Systems
The affected products are Oracle WebCenter Content from Oracle Corporation, with the 12.2.1.4.0 and 14.1.2.0.0 release lines noted as vulnerable. The description also acknowledges that a scope change could potentially affect other Oracle products that interact with WebCenter Content, though the primary target remains the mentioned versions.
Risk and Exploitability
The CVSS v3.1 base score of 9.0 marks this vulnerability as Critical: no authentication is required, attack complexity is high, no user interaction is needed, and the scope is changed, so a successful attacker can fully compromise the system. The EPSS score is reported as less than 1%, indicating that the probability of exploitation at the time of this assessment is low, yet the severity remains high. Because the vulnerability is reachable over HTTP, it can be exploited remotely from any network location that can reach the WebCenter Content service, making it a significant threat to unpatched environments. The absence of a listing in CISA’s KEV catalog does not reduce the risk, as the flaw remains publicly known and potentially exploitable.
OpenCVE Enrichment