Impact
A vulnerability in Oracle WebCenter Content allows an unauthenticated attacker to send HTTP requests and achieve a complete takeover of the application. The flaw is a classic access‑control weakness that can result in total loss of confidentiality, integrity and availability. The CVSS 3.1 vector of AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H and a Base Score of 9.8 indicate that the risk is severe even though no privileges or user interaction are required.
Affected Systems
Oracle WebCenter Content version 12.2.1.4.0 and 14.1.2.0.0 are affected. The vulnerability exists in the Content Server component of Oracle Fusion Middleware.
Risk and Exploitability
The low EPSS (<1%) suggests that exploitation is not yet widespread, and the vulnerability is not listed in the CISA KEV catalog, but the high CVSS score and the fact that an unauthenticated attacker can exploit it over HTTP mean that attackers can readily compromise any exposed instance. The likely attack vector is via direct network access to the WebCenter Content HTTP endpoint, no certificates or special authentication steps required.
OpenCVE Enrichment