Impact
An unauthenticated attacker who can reach the Oracle WebCenter Enterprise Capture application through Java RMI can exploit a flaw in the Client Bundle component and gain full control of the target system. The vulnerability compromises the confidentiality, integrity, and availability of the application, resulting in a complete takeover. Although the issue originates in WebCenter Enterprise Capture, successful exploitation may also affect other components of the Oracle Fusion Middleware stack, because the vendor states a scope change for this vulnerability.
Affected Systems
The vulnerability affects Oracle WebCenter Enterprise Capture versions 12.2.1.4.0 and 14.1.2.0.0. The RMI interface must be reachable over the network for the exploit to succeed. No other products or versions are listed as impacted in the current data set.
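Because exposure depends on the RMI interface being reachable, the following added example (not from the advisory or from Oracle) checks whether a host you administer answers the standard Java RMI transport (JRMP) handshake on a given port, which is a way to verify that filtering is in place. The advisory does not state a port, so host and port are supplied by the operator; the sample reply bytes are constructed.

```python
import socket
import struct
import sys

# JRMP header: magic "JRMI", version 2, protocol 0x4b (StreamProtocol).
JRMP_HEADER = b"JRMI" + struct.pack(">HB", 2, 0x4B)
PROTOCOL_ACK = 0x4E  # first byte of a server's acknowledgement


def parse_jrmp_ack(data: bytes):
    """Return the (host, port) echoed in a JRMP ProtocolAck, or None if not JRMP."""
    if len(data) < 3 or data[0] != PROTOCOL_ACK:
        return None
    (name_len,) = struct.unpack(">H", data[1:3])  # length-prefixed address string
    end = 3 + name_len
    if len(data) < end + 4:
        return None  # truncated or malformed reply
    try:
        host = data[3:end].decode("utf-8")
    except UnicodeDecodeError:
        return None
    (port,) = struct.unpack(">i", data[end:end + 4])
    return host, port


def rmi_reachable(host: str, port: int, timeout: float = 3.0) -> bool:
    """True if host:port completes the JRMP handshake from where this runs."""
    try:
        with socket.create_connection((host, port), timeout=timeout) as sock:
            sock.sendall(JRMP_HEADER)
            reply = sock.recv(512)
    except OSError:
        return False  # closed, filtered, or timed out
    return parse_jrmp_ack(reply) is not None


if __name__ == "__main__":
    if len(sys.argv) == 3:
        # Operator-supplied host and port of a server in your own inventory.
        host, port = sys.argv[1], int(sys.argv[2])
        state = "REACHABLE" if rmi_reachable(host, port) else "not reachable"
        print(f"{host}:{port} JRMP endpoint {state}")
    else:
        # Constructed reply: ack byte, client address as seen by the server, port.
        sample = b"\x4e" + struct.pack(">H", 9) + b"192.0.2.7" + struct.pack(">i", 51234)
        print(parse_jrmp_ack(sample))
```

Run it from the network segment whose access you want to verify; a "not reachable" result from an untrusted segment indicates the RMI listener is filtered there.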
Risk and Exploitability
The CVSS 3.1 base score of 10.0 indicates the maximum possible impact on confidentiality, integrity, and availability. The EPSS score is less than 1%, suggesting that the overall probability of exploitation in the wild is currently low, and the vulnerability is not yet included in the CISA KEV catalog. Nevertheless, the attack vector is network-based via RMI, and the lack of authentication makes exploitation trivial for an adversary who can reach the exposed port. Based on the description, the likely attack path is an unauthenticated RMI request that triggers code execution within the application process.