Impact
The Oracle WebCenter Sites product suffers from an easily exploitable flaw that permits an unauthenticated attacker with network access via HTTP to take full control. The vulnerability stems from improper access control, allowing the attacker to compromise confidentiality, integrity, and availability. Successful exploitation can lead to a complete takeover of the WebCenter Sites instance, effectively erasing any separation between administrators and attackers.
Affected Systems
Oracle WebCenter Sites 12.2.1.4.0 and 14.1.2.0.0 from Oracle Corporation are affected.
Risk and Exploitability
The CVSS score of 9.8 signals a critical severity, while the EPSS score of less than 1% indicates a low probability of exploitation at present. The vulnerability is not listed in the CISA KEV catalog. The attack vector is inferred to be remote over HTTP, requiring no user interaction or authentication, and could allow a complete compromise of the application.
OpenCVE Enrichment