Impact
The CVE discloses a flaw in Oracle WebCenter Content: Imaging that allows an attacker with low privileges and network access via HTTP to take full control of the instance, resulting in a compromise of confidentiality, integrity, and availability. This weakness is a weak authentication flaw (CWE-306) that enables bypass of normal access controls.
Affected Systems
Oracle WebCenter Content: Imaging versions 12.2.1.4.0 and 14.1.2.0.0 are affected. These versions are part of Oracle Fusion Middleware and are deployed in enterprise image‑management environments.
Risk and Exploitability
The CVSS base score of 8.8 indicates high severity, with low attack complexity and low privilege requirements. EPSS is less than 1%, implying a relatively low likelihood of exploitation at present. The CVE explicitly states that the vulnerability can be exploited by a low‑privileged attacker who has network access via HTTP; no specific authentication bypass is described, but the attack vector is clearly over the network and requires no user interaction.
OpenCVE Enrichment