Impact
The vulnerability is an Improper Access Control flaw (CWE‑284) in Oracle WebCenter Content’s Content Server component. A low‑privileged attacker who can reach the application over HTTP can bypass authorization checks and fully compromise the system, leading to potential takeover of the WebCenter Content application. The CVSS 3.1 Base Score of 9.9 indicates maximum impact on confidentiality, integrity, and availability.
Affected Systems
The affected systems are Oracle Corporation’s WebCenter Content product, specifically the Content Server component. Versions 12.2.1.4.0 and 14.1.2.0.0 are enumerated as vulnerable; these versions may also expose additional Oracle Fusion Middleware products due to the scope change outlined in the advisory.
Risk and Exploitability
The CVSS base score of 9.9 and a network attack vector with low complexity and low privilege suggest that the vulnerability is highly severe yet relatively easy for an attacker to exploit. The EPSS score of less than 1% indicates that, despite the high severity, current exploit activity is low, and the vulnerability is not listed in the CISA KEV catalog. However, the combination of HTTP accessibility, lack of user interaction, and scope change implies that a remote attacker could execute an exploit and gain full control over the application if they can reach the target network interface. The risk is significant for organizations currently running the affected versions and must be addressed promptly.
OpenCVE Enrichment