Impact
The vulnerability is an authentication bypass that permits an unauthenticated attacker to acquire fully authorized privileges. Successful exploitation can result in complete takeover of the Oracle WebCenter Sites application, exposing all managed content, configuration data, and potentially the underlying host. The CVSS 3.1 Base Score of 9.8 captures maximum confidentiality, integrity, and availability impact.
Affected Systems
Affected are Oracle WebCenter Sites versions 12.2.1.4.0 and 14.1.2.0.0. These releases are part of the Oracle Fusion Middleware suite and are deployed by organizations for web content and collaborative services.
Risk and Exploitability
The CVSS Base Score of 9.8 indicates critical severity. The EPSS score of <1% signals a low probability of exploitation at this time. The vulnerability is not listed in the CISA KEV catalog, but it can be exploited over plain HTTP from any external network, requiring only network access and no authentication. This easy exploitation path increases the feasibility for an attacker.
OpenCVE Enrichment