Impact
This vulnerability in Oracle WebCenter Content allows a low‑privileged attacker with network access to compromise the system through HTTP, potentially taking complete control of the Content Server. The weakness is likely an improper access control or privilege escalation flaw, enabling the attacker to modify or execute code with application privileges.
Affected Systems
Oracle WebCenter Content versions 12.2.1.4.0 and 14.1.2.0.0 are impacted. These are part of Oracle Fusion Middleware’s Content Server component.
Risk and Exploitability
The CVSS v3.1 score of 8.8 indicates high impact across confidentiality, integrity, and availability, and the attack vector is network‑based (AV:N). The EPSS score of less than 1% suggests a low probability of exploitation at present, and the vulnerability is not listed in the CISA KEV catalog. Nonetheless, the ability for an attacker with low privileges to seize the system warrants urgent attention. If the weakness is exploited, the attacker could gain full administrative control, potentially disclosing or altering sensitive content and affecting all users of the application.
OpenCVE Enrichment