Skip to main content

Oracle WebCenter Enterprise Capture CVE-2026-35284

| EUVDEUVD-2026-37413 CRITICAL
Improper Access Control (CWE-284)
2026-06-16 oracle
9.9
CVSS 3.1 · Vendor: oracle
Share

Severity by source

Vendor (oracle) PRIMARY
9.9 CRITICAL
AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
vuln.today AI
9.9 CRITICAL

T3/IIOP is network-reachable (AV:N), requires only a low-privileged WebLogic account (PR:L), no user interaction, and Oracle confirms scope change with full CIA takeover.

3.1 AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
4.0 AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H

Primary rating from Vendor (oracle).

CVSS VectorVendor: oracle

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Changed
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

1
Analysis Generated
Jun 16, 2026 - 21:26 vuln.today

DescriptionCVE.org

Vulnerability in the Oracle WebCenter Enterprise Capture product of Oracle Fusion Middleware (component: Client Bundle). Supported versions that are affected are 12.2.1.4.0 and 14.1.2.0.0. Easily exploitable vulnerability allows low privileged attacker with network access via T3, IIOP to compromise Oracle WebCenter Enterprise Capture. While the vulnerability is in Oracle WebCenter Enterprise Capture, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in takeover of Oracle WebCenter Enterprise Capture. CVSS 3.1 Base Score 9.9 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H).

AnalysisAI

Remote takeover of Oracle WebCenter Enterprise Capture 12.2.1.4.0 and 14.1.2.0.0 is possible by a low-privileged attacker who can reach the server's T3 or IIOP listener, with a scope change extending impact to additional Fusion Middleware components. Oracle rates the flaw CVSS 9.9 with full confidentiality, integrity, and availability impact; no public exploit identified at time of analysis and the CVE is not currently in CISA KEV.

Unlock full vulnerability intelligence

  • Risk assessment & exploitation conditions
  • Attack chain visualization
  • Remediation with exact patch versions
  • Threat intelligence from 22 sources
  • Personal watchlist & email alerts

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Recon
Obtain low-privileged Capture credential
Delivery
Reach WebLogic T3/IIOP listener
Exploit
Send crafted Client Bundle request
Install
Trigger server-side processing flaw
C2
Gain code execution in WebLogic JVM
Execute
Pivot via scope change to other Fusion Middleware components
Impact
Exfiltrate captured documents and persist

Vulnerability AssessmentAI

Exploitation Exploitation requires (1) network reachability to the WebLogic T3 or IIOP listener of the Oracle WebCenter Enterprise Capture deployment - these are non-HTTP Java remoting ports and are frequently restricted to internal or management networks - and (2) a valid low-privileged account on the WebLogic/Capture security realm (CVSS PR:L), so fully anonymous internet exploitation is not in scope per the vendor's CVSS vector. … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment The CVSS 3.1 vector AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H is severe: network-reachable, low complexity, only a low-privileged account needed, no user interaction, and a scope change that lets the compromise reach other Fusion Middleware products co-hosted on the same WebLogic domain. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario An attacker who has obtained any low-privileged account on the Capture/WebLogic realm - for example, a basic Capture operator credential harvested via phishing or reused from another internal system - connects to the WebLogic listen port and sends a crafted T3 or IIOP request to the Client Bundle interface. The request causes the server to process attacker-controlled data in a way that yields code execution or full administrative takeover within the WebLogic JVM, and because the CVSS scope is changed, the attacker then pivots into other Fusion Middleware components hosted in the same domain to exfiltrate documents and persist. …
Remediation Apply the patches referenced in Oracle's June 2026 Critical Patch Update (https://www.oracle.com/security-alerts/cspujun2026.html) for both 12.2.1.4.0 and 14.1.2.0.0 - Patch available per vendor advisory; an exact patched build number is not enumerated in the input data and should be taken from the CPU patch matrix at deployment time. … Detailed patch versions, workarounds, and compensating controls in full report.

Recommended ActionAI

Within 24 hours: Identify and inventory all systems running WebCenter Enterprise Capture versions 12.2.1.4.0 or 14.1.2.0.0; restrict network access to T3 and IIOP listener ports via firewall rules; enable enhanced audit logging. …

Sign in for detailed remediation steps and compensating controls.

Threat intelligence, references, and detailed analysis are available after sign-in.

Share

CVE-2026-35284 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy