Impact
This vulnerability in Oracle WebCenter Content: Imaging is a classic example of a web application flaw where missing authentication for critical functions (CWE-306) allows an unauthenticated attacker to control the system. The flaw is triggered via a normal HTTP request and, if successfully exploited, composes a full compromise of the application, exposing all stored data and disrupting service availability. The impact, as described in the CVE, is a complete loss of confidentiality, integrity, and availability.
Affected Systems
Affected versions are Oracle WebCenter Content: Imaging 12.2.1.4.0 and 14.1.2.0.0, part of Oracle Fusion Middleware, typically running on servers exposed to HTTP traffic. Attackers can reach these services over the network from both internal and external networks.
Risk and Exploitability
The CVSS base score of 9.8 categorizes the issue as critical, indicating that exploitation leads to total system compromise. The EPSS score of less than 1% suggests that exploitation has not been widely observed yet, but the requirement of only network connectivity and the lack of an authentication barrier mean that an attacker can launch an attack from anywhere with HTTP access. The vulnerability is not listed in CISA’s KEV catalog, but its existence and the high score warrant timely attention. The most likely attack vector involves sending a specially crafted HTTP request to the imaging service, leveraging the underlying access control weakness to bypass authentication and execute arbitrary code or commands.
OpenCVE Enrichment