Impact
A vulnerability in Oracle WebCenter Content 14.1.2.0.0 allows an unauthenticated attacker with network access via HTTP to compromise the system. The flaw requires that the attacker act without authentication but also requires a human interaction from a user other than the attacker; once triggered it enables the attacker to create, delete, or modify data and to gain unauthorized access to all content. The defect is identified as CWE‑352, a weakness that permits the forging of requests on behalf of a user, and results in confidentiality and integrity impacts and can be considered a difficult‑to‑exploit flaw according to the vendor’s assessment.
Affected Systems
Oracle WebCenter Content 14.1.2.0.0 is affected. The vulnerability may also impact additional Oracle products that rely on the Content Server component, as the scope can change if the flaw is exploited.
Risk and Exploitability
The CVSS score of 8.0 indicates a high severity. The EPSS score of less than 1% suggests that the likelihood of exploitation is currently very low, and the vulnerability is not listed in the CISA KEV catalog. Exploitation requires network access to the HTTP endpoint; the attacker is unauthenticated, but a separate human user must be involved to trigger the vulnerability. Given the high impact on confidentiality and integrity, the risk remains significant even with low exploitation probability.
OpenCVE Enrichment