Impact
A network-based flaw in Oracle WebCenter Content: Imaging allows an unauthenticated attacker who can reach the HTTP interface to create, delete, or alter critical data, compromising the confidentiality and integrity of all content stored by the product. The vulnerability is an authentication bypass and improper access control flaw (CWE-284) that is exploited by sending specially crafted requests that bypass authentication checks and are treated as privileged commands, thereby giving the attacker full data-management rights.
Affected Systems
The flaw affects Oracle's WebCenter Content: Imaging product. Supported affected releases include 12.2.1.4.0 and 14.1.2.0.0. No additional version ranges are listed, and the problem is confined to the Core component.
Risk and Exploitability
The CVSS 3.1 score of 9.1 classifies it as critical, but the EPSS indicates a probability below 1%, suggesting it is rarely seen in the wild. It is not listed in the CISA KEV catalog. Attackers would need only network access to the HTTP port and do not require any local privileges or user authentication. Once accessed, the compromise grants the attacker the ability to read, modify, or delete data, effectively erasing the product’s data integrity guarantees.
OpenCVE Enrichment