Severity by source
AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
Oracle describes unauthenticated, network-reachable RMI exploitation with full CIA takeover and impact on adjacent products, justifying AV:N/AC:L/PR:N/UI:N with scope change and high CIA.
Primary rating from Vendor (oracle).
CVSS VectorVendor: oracle
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
Lifecycle Timeline
1DescriptionCVE.org
Vulnerability in the Oracle WebCenter Enterprise Capture product of Oracle Fusion Middleware (component: Client Bundle). Supported versions that are affected are 12.2.1.4.0 and 14.1.2.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via RMI to compromise Oracle WebCenter Enterprise Capture. While the vulnerability is in Oracle WebCenter Enterprise Capture, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in takeover of Oracle WebCenter Enterprise Capture. CVSS 3.1 Base Score 10.0 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H).
AnalysisAI
Remote unauthenticated takeover of Oracle WebCenter Enterprise Capture 12.2.1.4.0 and 14.1.2.0.0 is possible via the RMI-based Client Bundle component, with a maximum CVSS 3.1 score of 10.0 due to a scope change that impacts additional products. Oracle's June 2026 CPU advisory is the authoritative source, and no public exploit identified at time of analysis, though the AV:N/AC:L/PR:N/UI:N profile makes weaponization plausible once technical details emerge.
Unlock full vulnerability intelligence
- Risk assessment & exploitation conditions
- Attack chain visualization
- Remediation with exact patch versions
- Threat intelligence from 22 sources
- Personal watchlist & email alerts
Free forever · No credit card required
Attack ChainAIDerived
Hypothetical attack flow derived from CVE metadata
Vulnerability AssessmentAI
| Exploitation | Exploitation requires network reachability to the Oracle WebCenter Enterprise Capture server's RMI listener (Client Bundle component) on a host running version 12.2.1.4.0 or 14.1.2.0.0; no authentication, no user interaction, and no special configuration toggles are called out by Oracle, so default deployments that expose RMI to reachable network segments are vulnerable. … Additional conditions and limiting factors are described in the full assessment. |
| Risk Assessment | All available signals point to top-tier priority: CVSS 3.1 base is 10.0 with AV:N/AC:L/PR:N/UI:N and a scope change, meaning a network-reachable, unauthenticated attacker with low complexity can fully compromise confidentiality, integrity, and availability and reach beyond the vulnerable product. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in. |
| Exploit Scenario | An attacker with network reachability to the Capture server's RMI port crafts a malicious RMI invocation against the Client Bundle endpoint, triggering the underlying flaw without any credentials or user interaction. Because the scope changes, the resulting code execution or service takeover extends beyond Capture into adjacent Fusion Middleware components sharing the same WebLogic domain, enabling lateral movement to content repositories and integration accounts. … |
| Remediation | Apply the patch available per vendor advisory in the Oracle June 2026 Critical Patch Update at https://www.oracle.com/security-alerts/cspujun2026.html, which is the primary fix for both 12.2.1.4.0 and 14.1.2.0.0; exact post-patch build identifiers should be taken directly from that advisory since the input does not include a discrete fix version string. … Detailed patch versions, workarounds, and compensating controls in full report. |
Recommended ActionAI
24 hours: Identify all systems running Oracle WebCenter Enterprise Capture 12.2.1.4.0 or 14.1.2.0.0; restrict network access to the RMI Client Bundle component from untrusted sources. …
Sign in for detailed remediation steps and compensating controls.
Threat intelligence, references, and detailed analysis are available after sign-in.
Remote takeover of Oracle WebCenter Enterprise Capture (versions 12.2.1.4.0 and 14.1.2.0.0) is possible via the Client B
Remote takeover of Oracle WebCenter Enterprise Capture (versions 12.2.1.4.0 and 14.1.2.0.0) is possible by a low-privile
Takeover of Oracle WebCenter Enterprise Capture is achievable by a low-privileged remote attacker via the T3 protocol in
Authenticated takeover of Oracle WebCenter Enterprise Capture (12.2.1.4.0 and 14.1.2.0.0) is achievable by a low-privile
Remote takeover of Oracle WebCenter Enterprise Capture 12.2.1.4.0 and 14.1.2.0.0 is possible by a low-privileged attacke
Remote takeover of Oracle WebCenter Enterprise Capture 12.2.1.4.0 and 14.1.2.0.0 is possible via the Client Bundle compo
Remote takeover of Oracle WebCenter Enterprise Capture (versions 12.2.1.4.0 and 14.1.2.0.0) is possible by a low-privile
Remote takeover of Oracle WebCenter Enterprise Capture 12.2.1.4.0 and 14.1.2.0.0 is achievable by a low-privileged attac
Account takeover of Oracle WebCenter Enterprise Capture (12.2.1.4.0 and 14.1.2.0.0) is achievable by a low-privileged at
Same technique Authentication Bypass
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-37299