Description
Vulnerability in the Oracle WebCenter Content product of Oracle Fusion Middleware (component: Content Server). The supported version that is affected is 14.1.2.0.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebCenter Content. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle WebCenter Content, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle WebCenter Content accessible data as well as unauthorized access to critical data or complete access to all Oracle WebCenter Content accessible data. CVSS 3.1 Base Score 8.0 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:N).
Published: 2026-06-16
Score: 8 High
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

A vulnerability in Oracle WebCenter Content 14.1.2.0.0 allows an unauthenticated attacker with network access via HTTP to compromise the system. The flaw requires that the attacker act without authentication but also requires a human interaction from a user other than the attacker; once triggered it enables the attacker to create, delete, or modify data and to gain unauthorized access to all content. The defect is identified as CWE‑352, a weakness that permits the forging of requests on behalf of a user, and results in confidentiality and integrity impacts and can be considered a difficult‑to‑exploit flaw according to the vendor’s assessment.

Affected Systems

Oracle WebCenter Content 14.1.2.0.0 is affected. The vulnerability may also impact additional Oracle products that rely on the Content Server component, as the scope can change if the flaw is exploited.

Risk and Exploitability

The CVSS score of 8.0 indicates a high severity. The EPSS score of less than 1% suggests that the likelihood of exploitation is currently very low, and the vulnerability is not listed in the CISA KEV catalog. Exploitation requires network access to the HTTP endpoint; the attacker is unauthenticated, but a separate human user must be involved to trigger the vulnerability. Given the high impact on confidentiality and integrity, the risk remains significant even with low exploitation probability.

Generated by OpenCVE AI on June 18, 2026 at 23:55 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the official patch or upgrade to a later version following Oracle’s security advisory for this vulnerability
  • Restrict HTTP access to the WebCenter Content server to trusted internal networks or VPNs only, and consider disabling unsecured HTTP endpoints
  • Monitor network traffic for anomalous HTTP activity targeting the Content Server and verify that access controls are correctly enforcing authentication

Generated by OpenCVE AI on June 18, 2026 at 23:55 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Fri, 19 Jun 2026 00:15:00 +0000

Type Values Removed Values Added
Title Unauthorized HTTP Interaction Enables Data Modification in Oracle WebCenter Content

Thu, 18 Jun 2026 22:30:00 +0000

Type Values Removed Values Added
Title Unauthenticated WebCenter Content Access Exploit Allowing Data Modification
Weaknesses CWE-284

Thu, 18 Jun 2026 04:45:00 +0000

Type Values Removed Values Added
Title Unauthenticated WebCenter Content Access Exploit Allowing Data Modification
Weaknesses CWE-284
CWE-352
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Tue, 16 Jun 2026 20:45:00 +0000

Type Values Removed Values Added
Description Vulnerability in the Oracle WebCenter Content product of Oracle Fusion Middleware (component: Content Server). The supported version that is affected is 14.1.2.0.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebCenter Content. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle WebCenter Content, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle WebCenter Content accessible data as well as unauthorized access to critical data or complete access to all Oracle WebCenter Content accessible data. CVSS 3.1 Base Score 8.0 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:N).
First Time appeared Oracle
Oracle webcenter Content
CPEs cpe:2.3:a:oracle:webcenter_content:14.1.2.0.0:*:*:*:*:*:*:*
Vendors & Products Oracle
Oracle webcenter Content
References
Metrics cvssV3_1

{'score': 8, 'vector': 'CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:N'}


Subscriptions

Oracle Webcenter Content
cve-icon MITRE

Status: PUBLISHED

Assigner: oracle

Published:

Updated: 2026-06-19T03:55:55.512Z

Reserved: 2026-05-18T15:55:10.298Z

Link: CVE-2026-46787

cve-icon Vulnrichment

Updated: 2026-06-17T14:44:58.238Z

cve-icon NVD

No data.

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-06-19T00:00:06Z

Weaknesses
  • CWE-352

    Cross-Site Request Forgery (CSRF)