Impact
A vulnerability in Oracle WebCenter Content allows an attacker with low privileges and network access over HTTP to exploit the system and create, delete, or modify critical data, effectively taking full control of all data accessible in the Content Server. The flaw requires user interaction from a person other than the attacker, indicating that social engineering or a targeted trigger is needed to complete the exploitation. This flaw can be leveraged to bypass normal security controls, undermining both confidentiality and integrity of the stored data.
Affected Systems
Oracle Corporation’s WebCenter Content product, specifically version 14.1.2.0.0, is affected. Although the issue resides in WebCenter Content, it has the potential to impact other applications within the Oracle Fusion Middleware stack because the associated CVE states a scope change. No other products or versions are explicitly listed as affected.
Risk and Exploitability
The vulnerability carries a CVSS 3.1 base score of 8.7, indicating high severity. The EPSS score is below 1%, suggesting a low current probability of exploitation, and it is not listed in the CISA KEV catalog. Exploitation requires network connectivity via HTTP, low privileged access, and active user participation, which points to an attack path that hinges on social engineering. The combination of a high impact potential with a low likelihood of exploitation places the risk at moderate to high for environments that expose WebCenter Content to untrusted networks or users. Organizations should treat this as a significant security concern because successful exploitation would grant extensive unauthorized control over all accessible data in the environment.
OpenCVE Enrichment