Description
Vulnerability in the Oracle WebCenter Content product of Oracle Fusion Middleware (component: Content Server). The supported version that is affected is 14.1.2.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebCenter Content. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle WebCenter Content accessible data. CVSS 3.1 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N).
Published: 2026-06-16
Score: 7.5 High
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

A remote unauthenticated vulnerability exists in Oracle WebCenter Content (component: Content Server) that can be exploited over HTTP. Successful exploitation enables an attacker to read critical data and potentially gain unrestricted access to all data accessible through the WebCenter Content platform, resulting in a severe confidentiality compromise. The weakness arises from improper input validation and authorization controls that allow requests to retrieve protected content without authentication.

Affected Systems

Oracle WebCenter Content version 14.1.2.0.0 is affected. The vulnerability applies to the Oracle Fusion Middleware stack that includes the Content Server component.

Risk and Exploitability

The CVSS 3.1 score of 7.5 indicates a high severity impact with a high confidentiality impact, while the EPSS score of less than 1% signals that exploitation is currently unlikely. The vulnerability is not listed in the CISA KEV catalog. The likely attack vector is via an unauthenticated HTTP request to the WebCenter Content service, taking advantage of improper authorization checks.

Generated by OpenCVE AI on June 18, 2026 at 23:49 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Verify and apply any Oracle security patch or update for WebCenter Content 14.1.2.0.0; if a patch is not yet available, upgrade to a newer, supported release once available.
  • Enforce strict access control policies in WebCenter Content to ensure that only authenticated users can retrieve protected content, mitigating the authorization weakness.
  • Restrict network access to WebCenter Content by configuring firewalls or access control lists to allow only trusted IP ranges, and disable unnecessary HTTP endpoints.
  • Enable logging and monitoring for the Content Server to detect anomalous access patterns, and review logs regularly for signs of unsuccessful exploitation attempts.

Generated by OpenCVE AI on June 18, 2026 at 23:49 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Fri, 19 Jun 2026 00:15:00 +0000

Type Values Removed Values Added
Title Unauthenticated Data Exposure via HTTP in Oracle WebCenter Content

Thu, 18 Jun 2026 22:15:00 +0000

Type Values Removed Values Added
Title Unauthenticated HTTP Exploit Grants Unauthorized Data Access in Oracle WebCenter Content
Weaknesses CWE-285

Thu, 18 Jun 2026 04:45:00 +0000

Type Values Removed Values Added
Title Unauthenticated HTTP Exploit Grants Unauthorized Data Access in Oracle WebCenter Content
Weaknesses CWE-284
CWE-285
Metrics ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Tue, 16 Jun 2026 20:45:00 +0000

Type Values Removed Values Added
Description Vulnerability in the Oracle WebCenter Content product of Oracle Fusion Middleware (component: Content Server). The supported version that is affected is 14.1.2.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebCenter Content. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle WebCenter Content accessible data. CVSS 3.1 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N).
First Time appeared Oracle
Oracle webcenter Content
CPEs cpe:2.3:a:oracle:webcenter_content:14.1.2.0.0:*:*:*:*:*:*:*
Vendors & Products Oracle
Oracle webcenter Content
References
Metrics cvssV3_1

{'score': 7.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N'}


Subscriptions

Oracle Webcenter Content
cve-icon MITRE

Status: PUBLISHED

Assigner: oracle

Published:

Updated: 2026-06-17T14:54:54.588Z

Reserved: 2026-05-18T15:55:10.298Z

Link: CVE-2026-46791

cve-icon Vulnrichment

Updated: 2026-06-17T14:54:50.445Z

cve-icon NVD

No data.

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-06-19T00:00:06Z

Weaknesses