Severity by source
AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
Network-reachable T3/IIOP (AV:N), Oracle-rated easy exploitation (AC:L), requires any valid low-priv principal (PR:L), no interaction (UI:N), explicit scope change with full takeover (S:C/C:H/I:H/A:H).
Primary rating from Vendor (oracle).
CVSS VectorVendor: oracle
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
Lifecycle Timeline
1DescriptionCVE.org
Vulnerability in the Oracle WebCenter Enterprise Capture product of Oracle Fusion Middleware (component: Client Bundle). Supported versions that are affected are 12.2.1.4.0 and 14.1.2.0.0. Easily exploitable vulnerability allows low privileged attacker with network access via T3, IIOP to compromise Oracle WebCenter Enterprise Capture. While the vulnerability is in Oracle WebCenter Enterprise Capture, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in takeover of Oracle WebCenter Enterprise Capture. CVSS 3.1 Base Score 9.9 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H).
AnalysisAI
Remote takeover of Oracle WebCenter Enterprise Capture 12.2.1.4.0 and 14.1.2.0.0 is achievable by a low-privileged attacker reaching the T3 or IIOP listeners, with a scope change that lets the compromise propagate to other Fusion Middleware components. CVSS 3.1 is rated 9.9 due to high confidentiality, integrity, and availability impact across a changed scope, and no public exploit identified at time of analysis. …
Unlock full vulnerability intelligence
- Risk assessment & exploitation conditions
- Attack chain visualization
- Remediation with exact patch versions
- Threat intelligence from 22 sources
- Personal watchlist & email alerts
Free forever · No credit card required
Attack ChainAIDerived
Hypothetical attack flow derived from CVE metadata
Vulnerability AssessmentAI
| Exploitation | Attacker must reach the Oracle WebLogic T3 or IIOP listener of the WebCenter Enterprise Capture managed server (typically TCP 7001/7002 or the IIOP equivalent) and must already hold a low-privileged authenticated principal on the WebLogic/Capture domain (PR:L). … Additional conditions and limiting factors are described in the full assessment. |
| Risk Assessment | All available signals converge on a high real-world priority. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in. |
| Exploit Scenario | An attacker who obtains any low-privileged WebLogic or Capture account (e.g., via phishing, credential reuse, or a foothold on an adjacent internal host) opens a T3 or IIOP connection to the WebCenter Capture managed server and submits a crafted Client Bundle request that abuses the flaw to execute attacker-controlled logic in the server JVM. Because the CVSS vector includes S:C, the attacker can pivot beyond Capture into other co-hosted Fusion Middleware components, ultimately achieving full takeover of the Capture instance and impacting adjacent services. … |
| Remediation | Apply Patch available per vendor advisory by installing the fixes for Oracle WebCenter Enterprise Capture shipped in the Oracle Critical Patch Update of June 2026 (https://www.oracle.com/security-alerts/cspujun2026.html); Oracle does not publish a discrete fixed semver in the description, so consult the CPU patch matrix for the exact PSU/CPU identifier matching your 12.2.1.4.0 or 14.1.2.0.0 deployment. … Detailed patch versions, workarounds, and compensating controls in full report. |
Recommended ActionAI
Within 24 hours: Identify and inventory all Oracle WebCenter Enterprise Capture instances (12.2.1.4.0 and 14.1.2.0.0); assess network accessibility and restrict T3/IIOP listener access from untrusted networks. …
Sign in for detailed remediation steps and compensating controls.
Threat intelligence, references, and detailed analysis are available after sign-in.
Remote unauthenticated takeover of Oracle WebCenter Enterprise Capture 12.2.1.4.0 and 14.1.2.0.0 is possible via the RMI
Remote takeover of Oracle WebCenter Enterprise Capture (versions 12.2.1.4.0 and 14.1.2.0.0) is possible via the Client B
Remote takeover of Oracle WebCenter Enterprise Capture (versions 12.2.1.4.0 and 14.1.2.0.0) is possible by a low-privile
Takeover of Oracle WebCenter Enterprise Capture is achievable by a low-privileged remote attacker via the T3 protocol in
Authenticated takeover of Oracle WebCenter Enterprise Capture (12.2.1.4.0 and 14.1.2.0.0) is achievable by a low-privile
Remote takeover of Oracle WebCenter Enterprise Capture 12.2.1.4.0 and 14.1.2.0.0 is possible by a low-privileged attacke
Remote takeover of Oracle WebCenter Enterprise Capture 12.2.1.4.0 and 14.1.2.0.0 is possible via the Client Bundle compo
Remote takeover of Oracle WebCenter Enterprise Capture (versions 12.2.1.4.0 and 14.1.2.0.0) is possible by a low-privile
Account takeover of Oracle WebCenter Enterprise Capture (12.2.1.4.0 and 14.1.2.0.0) is achievable by a low-privileged at
Same weakness CWE-284 – Improper Access Control
View allSame technique Authentication Bypass
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-37409