Impact
A flaw in the Composer component of Oracle WebCenter Portal allows a low-privileged attacker with network access via HTTP to compromise the system. Successful exploitation results in full takeover of the portal, affecting confidentiality, integrity, and availability. Beyond those low privileges, the attacker needs only network connectivity to the portal. The impact includes a scope change, indicating that privileges can be escalated beyond the attacker's original level.
Affected Systems
Oracle WebCenter Portal versions 12.2.1.4.0 and 14.1.2.0.0 are affected. These versions are part of Oracle Fusion Middleware and provide portal services used by many organizations.
Risk and Exploitability
The CVSS base score is 9.9 with AV:N/AC:L/PR:L/UI:N/S:C, signifying a high likelihood of exploitation by a user with low privileges over the network. The EPSS score is less than 1%, suggesting that widespread exploitation has not yet been observed, and the vulnerability is not listed in the CISA KEV catalog. Nonetheless, because the attack vector is a simple HTTP request that can be sent from any networked system, the risk to environments running the affected portal versions remains significant. If exploited, an attacker can gain unrestricted control over the portal, potentially accessing sensitive data and disrupting services.