Impact
Vulnerability in Oracle WebCenter Content 14.1.2.0.0 allows an attacker who can reach the server over HTTP to create, delete or modify critical data without authenticating. The flaw is a cross‑site request forgery weakness that bypasses proper authorization checks. The CVE description explicitly states that successful attacks require human interaction from a person other than the attacker, indicating that the attacker relies on a victim clicking a malicious request. This can compromise the confidentiality and integrity of all content accessible through the application. The only outcome cited is unauthorized data modification; no denial‑of‑service effect is mentioned.
Affected Systems
Oracle WebCenter Content by Oracle Corporation, version 14.1.2.0.0. No other vendors or product versions are listed.
Risk and Exploitability
The CVSS 3.1 base score of 9.3 reflects high confidentiality and integrity impacts. The EPSS score is below 1 %, indicating a very low current exploitation probability, and the vulnerability is not listed in CISA’s KEV catalog. The vulnerability can be triggered over a normal HTTP connection; this is inferred as the likely attack vector because the description only notes network access as a prerequisite and does not specify the transport protocol. No privileged access or local execution is required, and no public exploits have been reported.
OpenCVE Enrichment