Impact
The vulnerability resides in the Oracle WebCenter Content component of Oracle Fusion Middleware. An unauthenticated attacker with network access to the HTTP endpoint can exploit the flaw to create, delete, or modify critical data in the Content Server, or to obtain complete access to all accessible data. The weakness is a form of improper access control that permits unauthorized manipulation of sensitive information, posing high confidentiality and integrity risks. According to the description, unauthorized creation, deletion, or modification of data, or complete access to it, would critically affect business operations and data integrity.
Affected Systems
Oracle WebCenter Content versions 12.2.1.4.0 and 14.1.2.0.0 are affected. These versions are part of Oracle Fusion Middleware and are used to host enterprise content management services accessed over HTTP.
Risk and Exploitability
The CVSS v3.1 base score of 9.1 indicates a high risk with substantial confidentiality and integrity impact. The EPSS score is below 1%, suggesting a very low current exploitation probability, and the vulnerability is not listed in CISA's KEV catalog. Nonetheless, the attack vector is relatively simple, an unauthenticated HTTP request, so the flaw can be leveraged remotely without prior compromise. Any actor with network connectivity to the WebCenter Content HTTP interface can exploit the vulnerability, potentially leading to full data compromise if no additional network segregation or policy controls are in place.
OpenCVE Enrichment