Description
Vulnerability in the WebCenter Content: Imaging product of Oracle Fusion Middleware (component: Core). Supported versions that are affected are 12.2.1.4.0 and 14.1.2.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise WebCenter Content: Imaging. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all WebCenter Content: Imaging accessible data as well as unauthorized access to critical data or complete access to all WebCenter Content: Imaging accessible data. CVSS 3.1 Base Score 9.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N).
Published: 2026-06-16
Score: 9.1 Critical
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

A network-based flaw in Oracle WebCenter Content: Imaging allows an unauthenticated attacker who can reach the HTTP interface to create, delete, or alter critical data, compromising the confidentiality and integrity of all content stored by the product. The vulnerability is an authentication bypass and improper access control flaw (CWE-284) that is exploited by sending specially crafted requests that bypass authentication checks and are treated as privileged commands, thereby giving the attacker full data-management rights.

Affected Systems

The flaw affects Oracle's WebCenter Content: Imaging product. Supported affected releases include 12.2.1.4.0 and 14.1.2.0.0. No additional version ranges are listed, and the problem is confined to the Core component.

Risk and Exploitability

The CVSS 3.1 score of 9.1 classifies it as critical, but the EPSS indicates a probability below 1%, suggesting it is rarely seen in the wild. It is not listed in the CISA KEV catalog. Attackers would need only network access to the HTTP port and do not require any local privileges or user authentication. Once accessed, the compromise grants the attacker the ability to read, modify, or delete data, effectively erasing the product’s data integrity guarantees.

Generated by OpenCVE AI on June 17, 2026 at 22:19 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the vendor’s patch for CVE‑2026‑46784 released by Oracle, as referenced in the Oracle security alert.
  • Restrict HTTP access to the WebCenter Content: Imaging instance to trusted internal networks or VPNs to limit exposure to unauthenticated users.
  • Inspect system logs for unauthorized data‑creation, deletion, or modification actions and investigate any anomalies promptly.

Generated by OpenCVE AI on June 17, 2026 at 22:19 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Fri, 26 Jun 2026 08:15:00 +0000

Type Values Removed Values Added
First Time appeared Oracle webcenter Content
Vendors & Products Oracle webcenter Content

Thu, 18 Jun 2026 04:45:00 +0000

Type Values Removed Values Added
Title Unauthenticated Remote Access Exploit in Oracle WebCenter Content: Imaging Leading to Data Manipulation
Weaknesses CWE-200
CWE-284
CWE-285
Metrics ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Tue, 16 Jun 2026 20:45:00 +0000

Type Values Removed Values Added
Description Vulnerability in the WebCenter Content: Imaging product of Oracle Fusion Middleware (component: Core). Supported versions that are affected are 12.2.1.4.0 and 14.1.2.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise WebCenter Content: Imaging. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all WebCenter Content: Imaging accessible data as well as unauthorized access to critical data or complete access to all WebCenter Content: Imaging accessible data. CVSS 3.1 Base Score 9.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N).
First Time appeared Oracle
Oracle webcenter Content Imaging
CPEs cpe:2.3:a:oracle:webcenter_content__imaging:12.2.1.4.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:webcenter_content__imaging:14.1.2.0.0:*:*:*:*:*:*:*
Vendors & Products Oracle
Oracle webcenter Content Imaging
References
Metrics cvssV3_1

{'score': 9.1, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N'}


Subscriptions

Oracle Webcenter Content Webcenter Content Imaging
cve-icon MITRE

Status: PUBLISHED

Assigner: oracle

Published:

Updated: 2026-06-17T14:37:34.302Z

Reserved: 2026-05-18T15:55:10.297Z

Link: CVE-2026-46784

cve-icon Vulnrichment

Updated: 2026-06-17T14:37:07.087Z

cve-icon NVD

No data.

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-06-26T08:00:07Z

Weaknesses
  • CWE-200

    Exposure of Sensitive Information to an Unauthorized Actor

  • CWE-284

    Improper Access Control

  • CWE-285

    Improper Authorization