Severity by source
AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
Network-reachable HTTP endpoint (AV:N), Oracle states easily exploitable (AC:L), any authenticated portal user suffices (PR:L), no victim interaction (UI:N), scope change into Fusion Middleware (S:C) with full takeover (C/I/A:H).
Primary rating from Vendor (oracle).
CVSS VectorVendor: oracle
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
Lifecycle Timeline
1DescriptionCVE.org
Vulnerability in the Oracle WebCenter Portal product of Oracle Fusion Middleware (component: Composer). Supported versions that are affected are 12.2.1.4.0 and 14.1.2.0.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle WebCenter Portal. While the vulnerability is in Oracle WebCenter Portal, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in takeover of Oracle WebCenter Portal. CVSS 3.1 Base Score 9.9 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H).
AnalysisAI
Privilege escalation to full takeover in Oracle WebCenter Portal 12.2.1.4.0 and 14.1.2.0.0 allows a low-privileged authenticated attacker with HTTP network access to compromise the Composer component and, due to a CVSS scope change, impact additional downstream products. The flaw carries a CVSS 3.1 base score of 9.9 and is marked easily exploitable by Oracle, though no public exploit identified at time of analysis. …
Unlock full vulnerability intelligence
- Risk assessment & exploitation conditions
- Attack chain visualization
- Remediation with exact patch versions
- Threat intelligence from 22 sources
- Personal watchlist & email alerts
Free forever · No credit card required
Attack ChainAIDerived
Hypothetical attack flow derived from CVE metadata
Vulnerability AssessmentAI
| Exploitation | Attacker needs network reachability to the Oracle WebCenter Portal HTTP(S) endpoint and any low-privileged authenticated session on the portal (PR:L) - typically any standard portal user account, including self-registered ones where open registration is enabled. … Additional conditions and limiting factors are described in the full assessment. |
| Risk Assessment | All available signals point to a high-priority issue: CVSS 3.1 vector AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H yields 9.9 - network-reachable, low complexity, only low privileges required, no user interaction, scope-changing with full confidentiality, integrity, and availability impact. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in. |
| Exploit Scenario | An attacker obtains or registers a low-privileged account on an internet-exposed Oracle WebCenter Portal (a standard portal user, self-service registrant, or a phished employee credential), then sends a crafted HTTP request to the Composer component that abuses its customization logic to escape the portal's authorization boundary. Because of the CVSS scope change, the resulting code or data-access primitive lands in the surrounding Fusion Middleware/WebLogic context, giving the attacker full takeover of the portal and a foothold into integrated content and identity systems. … |
| Remediation | Apply the patches from the Oracle Critical Patch Update of June 2026 referenced at https://www.oracle.com/security-alerts/cspujun2026.html as the primary remediation; Oracle bundles the WebCenter Portal fixes for 12.2.1.4.0 and 14.1.2.0.0 within that CPU and the exact post-patch build numbers are listed in the advisory's product-specific patch matrix. … Detailed patch versions, workarounds, and compensating controls in full report. |
Recommended ActionAI
Within 24 hours: Inventory all systems running Oracle WebCenter Portal 12.2.1.4.0 or 14.1.2.0.0; restrict network access to the Composer component and enforce strict authentication controls limiting session privileges to authorized administrators. …
Sign in for detailed remediation steps and compensating controls.
Threat intelligence, references, and detailed analysis are available after sign-in.
More in Oracle Webcenter Portal
View allComplete takeover of Oracle WebCenter Portal 12.2.1.4.0 and 14.1.2.0.0 is achievable by unauthenticated remote attackers
Unauthenticated remote takeover of Oracle WebCenter Portal versions 12.2.1.4.0 and 14.1.2.0.0 is possible over HTTP via
Account takeover in Oracle WebCenter Portal 12.2.1.4.0 and 14.1.2.0.0 (Fusion Middleware, Runtime Tools component) allow
Account takeover in Oracle WebCenter Portal 12.2.1.4.0 and 14.1.2.0.0 allows an authenticated low-privileged attacker to
Account/portal takeover in Oracle WebCenter Portal 12.2.1.4.0 and 14.1.2.0.0 allows a low-privileged remote attacker to
Takeover of Oracle WebCenter Portal 12.2.1.4.0 and 14.1.2.0.0 is achievable by a low-privileged remote attacker over HTT
Account takeover in Oracle WebCenter Portal 12.2.1.4.0 and 14.1.2.0.0 allows a low-privileged attacker with HTTP network
Privilege escalation and full takeover of Oracle WebCenter Portal 12.2.1.4.0 and 14.1.2.0.0 is achievable by a low-privi
Remote unauthenticated takeover of Oracle WebCenter Portal 12.2.1.4.0 and 14.1.2.0.0 is possible via the Security Framew
Same weakness CWE-284 – Improper Access Control
View allSame technique Authentication Bypass
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-37456