Description
Vulnerability in the Oracle WebCenter Content product of Oracle Fusion Middleware (component: Content Server). The supported version that is affected is 14.1.2.0.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle WebCenter Content. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle WebCenter Content, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle WebCenter Content accessible data as well as unauthorized access to critical data or complete access to all Oracle WebCenter Content accessible data. CVSS 3.1 Base Score 8.7 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N).
Published: 2026-06-16
Score: 8.7 High
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

A vulnerability in Oracle WebCenter Content allows an attacker with low privileges and network access over HTTP to exploit the system and create, delete, or modify critical data, effectively taking full control of all data accessible in the Content Server. The flaw requires user interaction from a person other than the attacker, indicating that social engineering or a targeted trigger is needed to complete the exploitation. This flaw can be leveraged to bypass normal security controls, undermining both confidentiality and integrity of the stored data.

Affected Systems

Oracle Corporation’s WebCenter Content product, specifically version 14.1.2.0.0, is affected. Although the issue resides in WebCenter Content, it has the potential to impact other applications within the Oracle Fusion Middleware stack because the associated CVE states a scope change. No other products or versions are explicitly listed as affected.

Risk and Exploitability

The vulnerability carries a CVSS 3.1 base score of 8.7, indicating high severity. The EPSS score is below 1%, suggesting a low current probability of exploitation, and it is not listed in the CISA KEV catalog. Exploitation requires network connectivity via HTTP, low privileged access, and active user participation, which points to an attack path that hinges on social engineering. The combination of a high impact potential with a low likelihood of exploitation places the risk at moderate to high for environments that expose WebCenter Content to untrusted networks or users. Organizations should treat this as a significant security concern because successful exploitation would grant extensive unauthorized control over all accessible data in the environment.

Generated by OpenCVE AI on June 18, 2026 at 23:47 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Restrict inbound HTTP traffic to the WebCenter Content server by firewalling or placing it behind a VPN and limiting it to trusted IP ranges
  • Implement or enforce multi‑factor authentication and disable or tightly control the default low‑privileged accounts that the vulnerability exploits
  • Educate users about the risk of social‑engineering attacks that could trigger the vulnerable action and enforce strict verification procedures for any new content creation or deletion requests
  • If possible, isolate the WebCenter Content service from the public internet and monitor logs for anomalous HTTP activity that could indicate exploitation attempts
  • Check Oracle’s security advisories regularly to determine if an official patch or upgrade is released and apply it when available

Generated by OpenCVE AI on June 18, 2026 at 23:47 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Fri, 19 Jun 2026 00:15:00 +0000

Type Values Removed Values Added
Title Privilege Escalation via HTTP with User Interaction in Oracle WebCenter Content 14.1.2.0.0

Thu, 18 Jun 2026 22:15:00 +0000

Type Values Removed Values Added
Title Low-Privilege HTTP Exploit Enables Unauthorized Data Modification in Oracle WebCenter Content
Weaknesses CWE-276
CWE-285

Thu, 18 Jun 2026 04:45:00 +0000

Type Values Removed Values Added
Title Low-Privilege HTTP Exploit Enables Unauthorized Data Modification in Oracle WebCenter Content
Weaknesses CWE-269
CWE-276
CWE-285
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Tue, 16 Jun 2026 20:45:00 +0000

Type Values Removed Values Added
Description Vulnerability in the Oracle WebCenter Content product of Oracle Fusion Middleware (component: Content Server). The supported version that is affected is 14.1.2.0.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle WebCenter Content. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle WebCenter Content, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle WebCenter Content accessible data as well as unauthorized access to critical data or complete access to all Oracle WebCenter Content accessible data. CVSS 3.1 Base Score 8.7 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N).
First Time appeared Oracle
Oracle webcenter Content
CPEs cpe:2.3:a:oracle:webcenter_content:14.1.2.0.0:*:*:*:*:*:*:*
Vendors & Products Oracle
Oracle webcenter Content
References
Metrics cvssV3_1

{'score': 8.7, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N'}


Subscriptions

Oracle Webcenter Content
cve-icon MITRE

Status: PUBLISHED

Assigner: oracle

Published:

Updated: 2026-06-19T03:56:07.528Z

Reserved: 2026-05-18T15:55:10.300Z

Link: CVE-2026-46804

cve-icon Vulnrichment

Updated: 2026-06-17T15:17:27.097Z

cve-icon NVD

No data.

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-06-19T00:00:06Z

Weaknesses
  • CWE-269

    Improper Privilege Management