Description
Vulnerability in the WebCenter Content: Imaging product of Oracle Fusion Middleware (component: Core). Supported versions that are affected are 12.2.1.4.0 and 14.1.2.0.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise WebCenter Content: Imaging. Successful attacks of this vulnerability can result in takeover of WebCenter Content: Imaging. CVSS 3.1 Base Score 8.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H).
Published: 2026-06-16
Score: 8.8 High
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The CVE discloses a flaw in Oracle WebCenter Content: Imaging that allows an attacker with low privileges and network access via HTTP to take full control of the instance, resulting in a compromise of confidentiality, integrity, and availability. This weakness is a weak authentication flaw (CWE-306) that enables bypass of normal access controls.

Affected Systems

Oracle WebCenter Content: Imaging versions 12.2.1.4.0 and 14.1.2.0.0 are affected. These versions are part of Oracle Fusion Middleware and are deployed in enterprise image‑management environments.

Risk and Exploitability

The CVSS base score of 8.8 indicates high severity, with low attack complexity and low privilege requirements. EPSS is less than 1%, implying a relatively low likelihood of exploitation at present. The CVE explicitly states that the vulnerability can be exploited by a low‑privileged attacker who has network access via HTTP; no specific authentication bypass is described, but the attack vector is clearly over the network and requires no user interaction.

Generated by OpenCVE AI on June 19, 2026 at 00:51 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the security patch for WebCenter Content: Imaging released in the Oracle June 2026 security alert.
  • Restrict HTTP access to the WebCenter Content: Imaging service to trusted hosts only, isolating it from untrusted networks.
  • Monitor HTTP traffic to the WebCenter Content: Imaging endpoint for anomalous requests and enforce logging to detect potential exploitation attempts.

Generated by OpenCVE AI on June 19, 2026 at 00:51 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Fri, 19 Jun 2026 01:15:00 +0000

Type Values Removed Values Added
Title Low-Privileged HTTP Access Allows Full Compromise of Oracle WebCenter Content: Imaging

Thu, 18 Jun 2026 23:00:00 +0000

Type Values Removed Values Added
Title WebCenter Content: Imaging Remote Code Execution via HTTP
Weaknesses CWE-284

Thu, 18 Jun 2026 04:45:00 +0000

Type Values Removed Values Added
Title WebCenter Content: Imaging Remote Code Execution via HTTP
Weaknesses CWE-284
CWE-306
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Tue, 16 Jun 2026 20:45:00 +0000

Type Values Removed Values Added
Description Vulnerability in the WebCenter Content: Imaging product of Oracle Fusion Middleware (component: Core). Supported versions that are affected are 12.2.1.4.0 and 14.1.2.0.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise WebCenter Content: Imaging. Successful attacks of this vulnerability can result in takeover of WebCenter Content: Imaging. CVSS 3.1 Base Score 8.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H).
First Time appeared Oracle
Oracle webcenter Content Imaging
CPEs cpe:2.3:a:oracle:webcenter_content__imaging:12.2.1.4.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:webcenter_content__imaging:14.1.2.0.0:*:*:*:*:*:*:*
Vendors & Products Oracle
Oracle webcenter Content Imaging
References
Metrics cvssV3_1

{'score': 8.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H'}


Subscriptions

Oracle Webcenter Content Imaging
cve-icon MITRE

Status: PUBLISHED

Assigner: oracle

Published:

Updated: 2026-06-17T15:33:21.568Z

Reserved: 2026-05-18T15:55:10.297Z

Link: CVE-2026-46780

cve-icon Vulnrichment

Updated: 2026-06-17T15:14:59.578Z

cve-icon NVD

No data.

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-06-19T01:00:14Z

Weaknesses
  • CWE-306

    Missing Authentication for Critical Function