Severity by source
AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Oracle confirms HTTP-reachable, easily exploitable flaw needing one low-privileged Imaging account, no user interaction, yielding full takeover of the Imaging component without scope change.
Primary rating from Vendor (oracle).
CVSS VectorVendor: oracle
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Lifecycle Timeline
2DescriptionCVE.org
Vulnerability in the WebCenter Content: Imaging product of Oracle Fusion Middleware (component: Core). Supported versions that are affected are 12.2.1.4.0 and 14.1.2.0.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise WebCenter Content: Imaging. Successful attacks of this vulnerability can result in takeover of WebCenter Content: Imaging. CVSS 3.1 Base Score 8.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H).
AnalysisAI
Account takeover in Oracle WebCenter Content: Imaging (Fusion Middleware) allows a low-privileged authenticated attacker with HTTP network access to fully compromise the Imaging component on versions 12.2.1.4.0 and 14.1.2.0.0. Oracle rates the flaw CVSS 8.8 with high impact across confidentiality, integrity, and availability, and describes it as 'easily exploitable.' No public exploit identified at time of analysis, and the vulnerability is not currently listed in CISA KEV.
Technical ContextAI
Oracle WebCenter Content: Imaging is the Fusion Middleware component that handles document imaging, capture, and content workflow on top of the WebCenter Content repository, typically deployed as a Java EE application on Oracle WebLogic Server. The advisory pinpoints the 'Core' subcomponent, indicating the flaw resides in the central Imaging logic rather than a peripheral integration adapter. No CWE is published by Oracle (per their standard CPU disclosure practice), but the combination of low-privilege HTTP access leading to product takeover is characteristic of authorization bypass or unsafe deserialization classes historically seen in WebCenter/WebLogic CPUs. The CPE 'cpe:2.3:a:oracle_corporation:webcenter_content:_imaging' confirms the Imaging product line is the affected surface.
RemediationAI
Apply the patches delivered in the Oracle Critical Patch Update of June 2026 referenced at https://www.oracle.com/security-alerts/cspujun2026.html, which is the only vendor-released fix for WebCenter Content: Imaging 12.2.1.4.0 and 14.1.2.0.0; exact patched build numbers are listed in the CPU patch matrix and must be obtained from My Oracle Support. Until the CPU bundle can be staged, restrict network reachability to the Imaging HTTP endpoints by placing the WebLogic managed server behind an authenticated reverse proxy or firewall ACL limited to trusted internal subnets, and audit Imaging user accounts to remove or strongly credential any low-privileged accounts (the PR:L requirement means even a basic Imaging user can be abused), accepting that proxy/ACL changes may break legitimate external capture clients or integrated business applications. Disabling the Imaging managed server entirely is a last-resort workaround that halts document capture workflows but eliminates the attack surface until patching.
More in Webcenter Content
View allVulnerability in the Oracle WebCenter Content component of Oracle Fusion Middleware (subcomponent: Content Server). Rate
Remote unauthenticated takeover of Oracle WebCenter Content: Imaging (versions 12.2.1.4.0 and 14.1.2.0.0) is possible vi
Unauthenticated remote compromise of Oracle WebCenter Content: Imaging (component: Core) in Oracle Fusion Middleware ver
Vulnerability in the Oracle WebCenter Content component of Oracle Fusion Middleware (subcomponent: Content Server). Rate
Vulnerability in the Oracle WebCenter Content component of Oracle Fusion Middleware (subcomponent: Content Server). Rate
Vulnerability in the Oracle WebCenter Content component of Oracle Fusion Middleware (subcomponent: Content Server). Rate
Vulnerability in the Oracle WebCenter Content component of Oracle Fusion Middleware (subcomponent: Content Server). Rate
Vulnerability in the Oracle WebCenter Content component of Oracle Fusion Middleware (subcomponent: Content Server). Rate
Vulnerability in the Oracle WebCenter Content component of Oracle Fusion Middleware (subcomponent: Content Server). Rate
Vulnerability in the Oracle WebCenter Content product of Oracle Fusion Middleware (component: Content Server). Rated med
Vulnerability in the Oracle WebCenter Content product of Oracle Fusion Middleware (component: Content Server). Rated med
Same technique Authentication Bypass
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-37298