Severity by source
AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
RMI is network-reachable (AV:N) with no auth (PR:N) or interaction (UI:N); Oracle confirms scope change (S:C) with full takeover yielding C:H/I:H/A:H.
Primary rating from Vendor (oracle).
CVSS VectorVendor: oracle
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
Lifecycle Timeline
1DescriptionCVE.org
Vulnerability in the Oracle WebCenter Enterprise Capture product of Oracle Fusion Middleware (component: Client Bundle). Supported versions that are affected are 12.2.1.4.0 and 14.1.2.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via RMI to compromise Oracle WebCenter Enterprise Capture. While the vulnerability is in Oracle WebCenter Enterprise Capture, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in takeover of Oracle WebCenter Enterprise Capture. CVSS 3.1 Base Score 10.0 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H).
AnalysisAI
Remote takeover of Oracle WebCenter Enterprise Capture (versions 12.2.1.4.0 and 14.1.2.0.0) is possible via the Client Bundle component over RMI, allowing unauthenticated network attackers to fully compromise the product and pivot into other Fusion Middleware components due to a CVSS scope change. With a maximum 10.0 CVSS score, low attack complexity, and no privileges or user interaction required, this is a top-priority issue, though no public exploit identified at time of analysis. …
Unlock full vulnerability intelligence
- Risk assessment & exploitation conditions
- Attack chain visualization
- Remediation with exact patch versions
- Threat intelligence from 22 sources
- Personal watchlist & email alerts
Free forever · No credit card required
Attack ChainAIDerived
Hypothetical attack flow derived from CVE metadata
Vulnerability AssessmentAI
| Exploitation | No special conditions - remote unauthenticated exploitation against default configurations of Oracle WebCenter Enterprise Capture 12.2.1.4.0 or 14.1.2.0.0, provided the attacker can reach the RMI endpoint used by the Client Bundle component over the network. … Additional conditions and limiting factors are described in the full assessment. |
| Risk Assessment | All available signals point to maximum severity: CVSS 3.1 base score is 10.0 with AV:N/AC:L/PR:N/UI:N - a network, low-complexity, unauthenticated, no-user-interaction attack - and S:C indicates the impact extends beyond Capture into other Fusion Middleware products, with full C/I/A compromise (high impact across all three). … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in. |
| Exploit Scenario | An attacker on a network reachable to the Capture server's RMI port sends a crafted RMI invocation to the Client Bundle component that triggers the underlying flaw, resulting in code execution or full administrative takeover of the Capture service without any credentials or user interaction. Because of the CVSS scope change, the attacker then pivots through trust relationships into adjacent Fusion Middleware services (e.g., WebCenter Content, WebLogic domains) to access stored documents, identities, or backend databases. … |
| Remediation | Patch available per vendor advisory - apply the fixes bundled in the Oracle June 2026 Critical Patch Update (https://www.oracle.com/security-alerts/cspujun2026.html) for both Oracle WebCenter Enterprise Capture 12.2.1.4.0 and 14.1.2.0.0; exact post-patch version identifiers should be taken directly from Oracle's CPU patch matrix. … Detailed patch versions, workarounds, and compensating controls in full report. |
Recommended ActionAI
Within 24 hours: Inventory all Oracle WebCenter Enterprise Capture deployments and identify systems running versions 12.2.1.4.0 or 14.1.2.0.0; disable RMI component network access where operationally feasible. …
Sign in for detailed remediation steps and compensating controls.
Threat intelligence, references, and detailed analysis are available after sign-in.
Remote unauthenticated takeover of Oracle WebCenter Enterprise Capture 12.2.1.4.0 and 14.1.2.0.0 is possible via the RMI
Remote takeover of Oracle WebCenter Enterprise Capture (versions 12.2.1.4.0 and 14.1.2.0.0) is possible by a low-privile
Takeover of Oracle WebCenter Enterprise Capture is achievable by a low-privileged remote attacker via the T3 protocol in
Authenticated takeover of Oracle WebCenter Enterprise Capture (12.2.1.4.0 and 14.1.2.0.0) is achievable by a low-privile
Remote takeover of Oracle WebCenter Enterprise Capture 12.2.1.4.0 and 14.1.2.0.0 is possible by a low-privileged attacke
Remote takeover of Oracle WebCenter Enterprise Capture 12.2.1.4.0 and 14.1.2.0.0 is possible via the Client Bundle compo
Remote takeover of Oracle WebCenter Enterprise Capture (versions 12.2.1.4.0 and 14.1.2.0.0) is possible by a low-privile
Remote takeover of Oracle WebCenter Enterprise Capture 12.2.1.4.0 and 14.1.2.0.0 is achievable by a low-privileged attac
Account takeover of Oracle WebCenter Enterprise Capture (12.2.1.4.0 and 14.1.2.0.0) is achievable by a low-privileged at
Same technique Authentication Bypass
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-37296