Description
Vulnerability in the Oracle WebCenter Content product of Oracle Fusion Middleware (component: Content Server). The supported version that is affected is 14.1.2.0.0. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle WebCenter Content. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle WebCenter Content, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in takeover of Oracle WebCenter Content. CVSS 3.1 Base Score 8.4 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H).
Published: 2026-06-16
Score: 8.4 High
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The vulnerability exists in Oracle WebCenter Content 14.1.2.0.0 and allows a high‑privileged attacker with network access over HTTP to compromise the application. Successful exploitation requires engagement from a user other than the attacker but can result in the attacker achieving full control over the system, causing loss of confidentiality, integrity, and availability.

Affected Systems

Oracle WebCenter Content version 14.1.2.0.0 hosted within Oracle Fusion Middleware.

Risk and Exploitability

The CVSS 3.1 base score of 8.4 indicates a high severity, while the EPSS score of less than 1% suggests that exploitation is unlikely but still plausible. The vulnerability is not listed in the CISA KEV catalog. An attacker would need to access the application over HTTP, possess high‑privilege credentials, and rely on a user to initiate the exploit, thereby creating a high‑impact scenario due to the scope change that may affect additional Oracle products.

Generated by OpenCVE AI on June 17, 2026 at 20:14 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the official Oracle patch for WebCenter Content 14.1.2.0.0.
  • Limit HTTP access to the application to trusted IP ranges or enforce VPN-only connections.
  • Enable comprehensive logging and alerting for privileged actions performed on the WebCenter Content servers.

Generated by OpenCVE AI on June 17, 2026 at 20:14 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Tue, 16 Jun 2026 20:45:00 +0000

Type Values Removed Values Added
Description Vulnerability in the Oracle WebCenter Content product of Oracle Fusion Middleware (component: Content Server). The supported version that is affected is 14.1.2.0.0. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle WebCenter Content. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle WebCenter Content, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in takeover of Oracle WebCenter Content. CVSS 3.1 Base Score 8.4 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H).
First Time appeared Oracle
Oracle webcenter Content
CPEs cpe:2.3:a:oracle:webcenter_content:14.1.2.0.0:*:*:*:*:*:*:*
Vendors & Products Oracle
Oracle webcenter Content
References
Metrics cvssV3_1

{'score': 8.4, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H'}

Subscriptions

Oracle Webcenter Content
cve-icon MITRE

Status: PUBLISHED

Assigner: oracle

Published:

Updated: 2026-06-17T14:46:36.817Z

Reserved: 2026-05-18T15:55:10.298Z

Link: CVE-2026-46788

cve-icon Vulnrichment

No data.

cve-icon NVD

No data.

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-06-16T22:30:05Z

Weaknesses

No weakness.