Description
Vulnerability in the WebCenter Content: Imaging product of Oracle Fusion Middleware (component: Core). Supported versions that are affected are 12.2.1.4.0 and 14.1.2.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise WebCenter Content: Imaging. Successful attacks of this vulnerability can result in takeover of WebCenter Content: Imaging. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).
Published: 2026-06-16
Score: 9.8 Critical
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

This vulnerability in Oracle WebCenter Content: Imaging is a classic example of a web application flaw where missing authentication for critical functions (CWE-306) allows an unauthenticated attacker to control the system. The flaw is triggered via a normal HTTP request and, if successfully exploited, composes a full compromise of the application, exposing all stored data and disrupting service availability. The impact, as described in the CVE, is a complete loss of confidentiality, integrity, and availability.

Affected Systems

Affected versions are Oracle WebCenter Content: Imaging 12.2.1.4.0 and 14.1.2.0.0, part of Oracle Fusion Middleware, typically running on servers exposed to HTTP traffic. Attackers can reach these services over the network from both internal and external networks.

Risk and Exploitability

The CVSS base score of 9.8 categorizes the issue as critical, indicating that exploitation leads to total system compromise. The EPSS score of less than 1% suggests that exploitation has not been widely observed yet, but the requirement of only network connectivity and the lack of an authentication barrier mean that an attacker can launch an attack from anywhere with HTTP access. The vulnerability is not listed in CISA’s KEV catalog, but its existence and the high score warrant timely attention. The most likely attack vector involves sending a specially crafted HTTP request to the imaging service, leveraging the underlying access control weakness to bypass authentication and execute arbitrary code or commands.

Generated by OpenCVE AI on June 19, 2026 at 00:25 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Acquire and deploy the latest Oracle patch for WebCenter Content: Imaging that contains the fixed authentication and access control logic.
  • If a patch is not immediately available, segregate the imaging service by blocking all external HTTP traffic to its ports via network firewalls or by moving the service behind a VPN that requires valid credentials to reach the endpoint.
  • Disable any unused imaging functionality or replace the component with a hardened version that enforces strict authentication (CWE‑306); ensure that all exposed APIs require legitimate user tokens and check permissions before processing requests.
  • Configure centralized logging and anomaly detection to capture failed HTTP attempts and unusual payloads; consider a Web Application Firewall (WAF) rule set that prevents known malicious request patterns.

Generated by OpenCVE AI on June 19, 2026 at 00:25 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Fri, 26 Jun 2026 09:15:00 +0000

Type Values Removed Values Added
First Time appeared Oracle webcenter Content
Vendors & Products Oracle webcenter Content

Fri, 19 Jun 2026 00:45:00 +0000

Type Values Removed Values Added
Title Unauthenticated Network Attack Enables Full Compromise of Oracle WebCenter Content: Imaging

Thu, 18 Jun 2026 23:00:00 +0000

Type Values Removed Values Added
Title Unauthenticated Remote Code Execution in Oracle WebCenter Content: Imaging
Weaknesses CWE-284
CWE-287

Thu, 18 Jun 2026 04:45:00 +0000

Type Values Removed Values Added
Title Unauthenticated Remote Code Execution in Oracle WebCenter Content: Imaging
Weaknesses CWE-284
CWE-287
CWE-306
Metrics ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Tue, 16 Jun 2026 20:45:00 +0000

Type Values Removed Values Added
Description Vulnerability in the WebCenter Content: Imaging product of Oracle Fusion Middleware (component: Core). Supported versions that are affected are 12.2.1.4.0 and 14.1.2.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise WebCenter Content: Imaging. Successful attacks of this vulnerability can result in takeover of WebCenter Content: Imaging. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).
First Time appeared Oracle
Oracle webcenter Content Imaging
CPEs cpe:2.3:a:oracle:webcenter_content__imaging:12.2.1.4.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:webcenter_content__imaging:14.1.2.0.0:*:*:*:*:*:*:*
Vendors & Products Oracle
Oracle webcenter Content Imaging
References
Metrics cvssV3_1

{'score': 9.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H'}


Subscriptions

Oracle Webcenter Content Webcenter Content Imaging
cve-icon MITRE

Status: PUBLISHED

Assigner: oracle

Published:

Updated: 2026-06-17T15:32:52.574Z

Reserved: 2026-05-18T15:55:10.297Z

Link: CVE-2026-46783

cve-icon Vulnrichment

Updated: 2026-06-17T15:13:03.245Z

cve-icon NVD

No data.

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-06-26T09:00:12Z

Weaknesses
  • CWE-306

    Missing Authentication for Critical Function