Severity by source
AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Unauthenticated HTTP access with no complexity yields partial read-only impact; no integrity, availability, or scope change applies.
Primary rating from Vendor (oracle).
CVSS Vector (Vendor: oracle)
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Description (CVE.org)
Vulnerability in the Oracle WebCenter Content product of Oracle Fusion Middleware (component: Content Server). The supported version that is affected is 14.1.2.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebCenter Content. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle WebCenter Content accessible data. CVSS 3.1 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N).
Analysis (AI)
Unauthorized information disclosure in Oracle WebCenter Content 14.1.2.0.0 exposes a subset of managed content to remote unauthenticated attackers via HTTP against the Content Server component. The intelligence tags classify the mechanism as an Authentication Bypass, suggesting the Content Server fails to enforce access controls on certain requests before serving content. …
Vulnerability Assessment (AI)
| Aspect | Assessment |
| --- | --- |
| Exploitation | No special conditions required beyond HTTP network access to an Oracle WebCenter Content 14.1.2.0.0 Content Server instance. … |
| Risk Assessment | The CVSS 3.1 base score of 5.3 (Medium) is anchored by a confidentiality-only impact of C:L, meaning exploitation yields partial read access rather than full data compromise. … |
| Exploit Scenario | An unauthenticated remote attacker with HTTP access to an Oracle WebCenter Content 14.1.2.0.0 deployment sends crafted requests to the Content Server, bypassing authentication checks to retrieve content documents or metadata they are not authorized to access. The low attack complexity means no prior reconnaissance or special tooling is required; standard HTTP clients suffice. … |
| Remediation | Apply the patches released by Oracle under the June 2026 Critical Patch Update (CPU), referenced at https://www.oracle.com/security-alerts/cspujun2026.html, for Oracle WebCenter Content 14.1.2.0.0. … |
EUVD-2026-37308