Impact
The flaw resides in the Security Framework component of Oracle WebCenter Portal, allowing an attacker who is only a low‑privileged user with network access via HTTPS to take full control of the portal. The vulnerability can compromise confidentiality, integrity, and availability and, due to a scope change, may also impact other Fusion Middleware products that interact with the portal.
Affected Systems
Oracle WebCenter Portal versions 12.2.1.4.0 and 14.1.2.0.0 are affected. These releases are listed under Oracle Corporation for the WebCenter Portal product.
Risk and Exploitability
The CVSS 3.1 base score of 9.9 highlights critical severity, with low attack complexity and low required privileges, and no user interaction needed. The EPSS score of less than 1% indicates a low current exploitation probability, and the vulnerability is not present in CISA’s KEV catalog. The attack vector is inferred to be an initial HTTPS connection to the portal, after which the attacker exploits the unsecured Security Framework to achieve remote code execution and portal takeover.
OpenCVE Enrichment