Description
Vulnerability in the Oracle WebCenter Content product of Oracle Fusion Middleware (component: Content Server). The supported version that is affected is 14.1.2.0.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle WebCenter Content. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle WebCenter Content, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle WebCenter Content accessible data as well as unauthorized access to critical data or complete access to all Oracle WebCenter Content accessible data. CVSS 3.1 Base Score 8.7 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N).
Published: 2026-06-16
Score: 8.7 High
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

A vulnerability exists in Oracle WebCenter Content 14.1.2.0.0 that allows a low‑privileged attacker with HTTP network access to create, delete or modify data that may be critical to the organization. The attack requires human interaction from another user to provide valid credentials or to trigger the vulnerable function. The impact is primarily on confidentiality and integrity, with no direct availability effects. The CVSS 3.1 base score of 8.7 reflects the significant risk to the system’s data.

The affected system is Oracle WebCenter Content 14.1.2.0.0, a product of Oracle Fusion Middleware (component: Content Server). This version is supported and the vulnerability is specific to it; however, the scope change noted in the advisory indicates that successful exploitation could also impact other Oracle products that rely on the same underlying infrastructure.

The risk is high because the vulnerability is easily exploitable: the attacker only needs network access to the HTTP interface and low privileges. The EPSS score is less than 1%, indicating a currently low probability of exploitation, and the vulnerability is not listed in the CISA KEV catalog. The attack vector is inferred to be remote HTTP access; the requirement for human interaction does not reduce the vulnerability’s seriousness but may make exploitation harder in practice.

Affected Systems

Oracle WebCenter Content version 14.1.2.0.0, a product of Oracle Fusion Middleware (component: Content Server).

Risk and Exploitability

The vulnerability’s CVSS score of 8.7 highlights a serious confidentiality‑and‑integrity risk that can be leveraged through remote HTTP access by a low‑privileged user who can obtain credentials from an ordinary worker. While the EPSS score indicates that exploitation is currently uncommon, the possibility that the flaw can cause a scope change means that related Oracle services could also be compromised. The lack of a KEV listing does not diminish the threat: the high CVSS score, combined with the requirement for only low privileges, indicates a major security problem.

Generated by OpenCVE AI on June 17, 2026 at 20:10 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the Oracle patch for WebCenter Content 14.1.2.0.0 released in the August 2026 advisory.
  • Restrict HTTP access to the WebCenter Content server to trusted IP ranges and block unauthenticated or low‑privilege traffic.
  • Enforce least‑privilege for all WebCenter Content user accounts and limit write permissions on critical data objects.
  • Enable detailed audit logging for content creation, modification, and deletion operations to detect unauthorized activities.
  • Monitor user activity for suspicious patterns and employ behavior‑based detection to identify potential exploitation.

Advisories

No advisories yet.

History

Tue, 16 Jun 2026 20:45:00 +0000

Changes recorded in this entry (all under Values Added; Values Removed is empty):

  • Description: Vulnerability in the Oracle WebCenter Content product of Oracle Fusion Middleware (component: Content Server). The supported version that is affected is 14.1.2.0.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle WebCenter Content. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle WebCenter Content, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle WebCenter Content accessible data as well as unauthorized access to critical data or complete access to all Oracle WebCenter Content accessible data. CVSS 3.1 Base Score 8.7 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N).
  • First Time appeared: Oracle; Oracle webcenter Content
  • CPEs: cpe:2.3:a:oracle:webcenter_content:14.1.2.0.0:*:*:*:*:*:*:*
  • Vendors & Products: Oracle; Oracle webcenter Content
  • References: (no values)
  • Metrics: cvssV3_1 {'score': 8.7, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N'}


MITRE

Status: PUBLISHED

Assigner: oracle

Published:

Updated: 2026-06-17T15:20:14.716Z

Reserved: 2026-05-18T15:55:10.301Z

Link: CVE-2026-46808

Vulnrichment

No data.

NVD

No data.

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-06-16T23:30:15Z

Weaknesses

No weakness.