Description
Vulnerability in the Oracle WebCenter Content product of Oracle Fusion Middleware (component: Content Server). The supported version that is affected is 14.1.2.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebCenter Content. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle WebCenter Content accessible data. CVSS 3.1 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N).
Published: 2026-06-16
Score: 5.3 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The vulnerability allows an unauthenticated attacker to access a subset of data through the Oracle WebCenter Content server. It stems from missing authentication checks for HTTP requests, granting confidentiality exposure to authorized data. The flaw can be exploited without privileged credentials, leading to potential data leakage.

Affected Systems

Oracle WebCenter Content component of Oracle Fusion Middleware, version 14.1.2.0.0. The affected product is distributed by Oracle Corporation.

Risk and Exploitability

The CVSS v3.1 base score is 5.3, indicating a moderate severity primarily affecting confidentiality. The EPSS score is below 1%, suggesting a low probability of exploitation in the wild and the vulnerability is not currently listed in the CISA KEV catalog. Exploitation requires only network connectivity to the HTTP service and no authentication, making it easily actionable by remote actors.

Generated by OpenCVE AI on June 17, 2026 at 18:26 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update Oracle WebCenter Content to a patched version that resolves the authentication bypass.
  • Restrict HTTP access to the WebCenter Content service to trusted hosts or VPN endpoints and configure firewall rules accordingly.
  • Monitor HTTP access logs for anomalous requests that may indicate attempts to read restricted data, and apply intrusion detection or rate limiting.

Generated by OpenCVE AI on June 17, 2026 at 18:26 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Tue, 16 Jun 2026 20:45:00 +0000

Type Values Removed Values Added
Description Vulnerability in the Oracle WebCenter Content product of Oracle Fusion Middleware (component: Content Server). The supported version that is affected is 14.1.2.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebCenter Content. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle WebCenter Content accessible data. CVSS 3.1 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N).
First Time appeared Oracle
Oracle webcenter Content
CPEs cpe:2.3:a:oracle:webcenter_content:14.1.2.0.0:*:*:*:*:*:*:*
Vendors & Products Oracle
Oracle webcenter Content
References
Metrics cvssV3_1

{'score': 5.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N'}

Subscriptions

Oracle Webcenter Content
cve-icon MITRE

Status: PUBLISHED

Assigner: oracle

Published:

Updated: 2026-06-17T14:54:10.046Z

Reserved: 2026-05-18T15:55:10.298Z

Link: CVE-2026-46790

cve-icon Vulnrichment

No data.

cve-icon NVD

No data.

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-06-17T03:30:02Z

Weaknesses

No weakness.