Description
Vulnerability in the Oracle WebCenter Enterprise Capture product of Oracle Fusion Middleware (component: Client Bundle). Supported versions that are affected are 12.2.1.4.0 and 14.1.2.0.0. Easily exploitable vulnerability allows low privileged attacker with network access via T3 to compromise Oracle WebCenter Enterprise Capture. While the vulnerability is in Oracle WebCenter Enterprise Capture, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in takeover of Oracle WebCenter Enterprise Capture. CVSS 3.1 Base Score 9.9 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H).
Published: 2026-06-16
Score: 9.9 Critical
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

A flaw in the Oracle WebCenter Enterprise Capture client bundle enables an attacker with low privileges and network connectivity via the T3 protocol to compromise the application, resulting in full takeover. The vulnerability directly impacts confidentiality, integrity, and availability, as the attacker can execute arbitrary code and gain control of the targeted system.

Affected Systems

Oracle WebCenter Enterprise Capture version 12.2.1.4.0 and 14.1.2.0.0, issued by Oracle Corporation.

Risk and Exploitability

The CVSS v3.1 base score of 9.9 reflects a high severity, and the minimal EPSS score (<1%) indicates that exploitation is rare but possible. The vulnerability is not listed in the CISA KEV catalog, yet the attack vector is inseparable from the T3 network protocol, enabling a remote, low‑privilege attacker to reach the affected component.

Generated by OpenCVE AI on June 17, 2026 at 19:19 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade Oracle WebCenter Enterprise Capture to version 12.2.1.4.0 or 14.1.2.0.0 as soon as a patch is available.
  • Restrict or disable the T3 protocol to eliminate network access for non‑trusted hosts.
  • Configure and monitor audit logs for anomalous T3 activity.

Generated by OpenCVE AI on June 17, 2026 at 19:19 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Tue, 16 Jun 2026 20:45:00 +0000

Type Values Removed Values Added
Description Vulnerability in the Oracle WebCenter Enterprise Capture product of Oracle Fusion Middleware (component: Client Bundle). Supported versions that are affected are 12.2.1.4.0 and 14.1.2.0.0. Easily exploitable vulnerability allows low privileged attacker with network access via T3 to compromise Oracle WebCenter Enterprise Capture. While the vulnerability is in Oracle WebCenter Enterprise Capture, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in takeover of Oracle WebCenter Enterprise Capture. CVSS 3.1 Base Score 9.9 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H).
First Time appeared Oracle
Oracle webcenter Enterprise Capture
CPEs cpe:2.3:a:oracle:webcenter_enterprise_capture:12.2.1.4.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:webcenter_enterprise_capture:14.1.2.0.0:*:*:*:*:*:*:*
Vendors & Products Oracle
Oracle webcenter Enterprise Capture
References
Metrics cvssV3_1

{'score': 9.9, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H'}

Subscriptions

Oracle Webcenter Enterprise Capture
cve-icon MITRE

Status: PUBLISHED

Assigner: oracle

Published:

Updated: 2026-06-17T15:33:29.984Z

Reserved: 2026-05-18T15:55:10.297Z

Link: CVE-2026-46779

cve-icon Vulnrichment

No data.

cve-icon NVD

No data.

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-06-17T01:30:04Z

Weaknesses

No weakness.