Impact
The vulnerability resides in the Content Server component of Oracle WebCenter Content, allowing an unauthenticated attacker with network access through HTTP to exercise privileged actions and potentially execute arbitrary code. This reflects the weakness of lack of authentication (CWE‑306). The attack can lead to a full system takeover with complete loss of confidentiality, integrity, and availability.
Affected Systems
Affected are Oracle WebCenter Content versions 12.2.1.4.0 and 14.1.2.0.0 as part of Oracle Fusion Middleware. These versions are enumerated by Oracle and listed in the security alert.
Risk and Exploitability
The base score of 9.8 signals critical severity, yet the EPSS indicates a very low probability of exploitation (<1%). The vulnerability is not cataloged in CISA KEV, implying no known active exploitation. The attack vector is network-based over HTTP, and no authentication is required, making it readily exploitable if the system is reachable from outside.
OpenCVE Enrichment