Severity by source
AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
Network-reachable HTTP service (AV:N/AC:L), attacker needs a low-privileged account (PR:L), a second user must interact (UI:R), and Oracle states full takeover so C/I/A:H with scope unchanged.
Primary rating from Vendor (oracle).
CVSS VectorVendor: oracle
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
Lifecycle Timeline
1DescriptionCVE.org
Vulnerability in the Oracle WebCenter Sites product of Oracle Fusion Middleware (component: WebCenter Sites). Supported versions that are affected are 12.2.1.4.0 and 14.1.2.0.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle WebCenter Sites. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of Oracle WebCenter Sites. CVSS 3.1 Base Score 8.0 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H).
AnalysisAI
Account takeover in Oracle WebCenter Sites 12.2.1.4.0 and 14.1.2.0.0 allows a low-privileged authenticated attacker with HTTP network access to fully compromise the product when a victim user is tricked into interacting with attacker-supplied content. Oracle rates the flaw 8.0 (high) with confidentiality, integrity, and availability all marked High. …
Unlock full vulnerability intelligence
- Risk assessment & exploitation conditions
- Attack chain visualization
- Remediation with exact patch versions
- Threat intelligence from 22 sources
- Personal watchlist & email alerts
Free forever · No credit card required
Attack ChainAIDerived
Hypothetical attack flow derived from CVE metadata
Vulnerability AssessmentAI
| Exploitation | Exploitation requires (1) a valid low-privileged Oracle WebCenter Sites user account (CVSS PR:L) able to reach the application over HTTP, (2) network reachability to the WebCenter Sites web tier, and (3) a separate, higher-privileged user (editor, approver, or administrator) interacting with attacker-supplied content inside the WebCenter Sites UI (CVSS UI:R, 'human interaction from a person other than the attacker'). … Additional conditions and limiting factors are described in the full assessment. |
| Risk Assessment | This is a high-severity issue (CVSS 8.0) but its real-world risk is bounded by two clear limiting factors visible in the vector: PR:L means the attacker must already hold a low-privileged WebCenter Sites account, and UI:R means a second user must perform an action for the attack to succeed. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in. |
| Exploit Scenario | A low-privileged contributor account on the targeted WebCenter Sites instance - obtained via phishing, weak self-service signup, or insider access - is used to plant a malicious payload (for example, a crafted asset, template snippet, or workflow comment) and then send a routine 'please review' request to an editor or administrator. When the higher-privileged user opens the item in the WebCenter Sites UI, the payload executes in their authenticated session and the attacker uses that session to perform admin-level actions, escalating to takeover of the WebCenter Sites application. … |
| Remediation | Apply the fixes shipped in the Oracle Critical Patch Update of June 2026 as published at https://www.oracle.com/security-alerts/cspujun2026.html; Oracle distributes WebCenter Sites patches through My Oracle Support and the exact patched build numbers should be taken directly from that CPU page (patch available per vendor advisory; an independently confirmed fix version is not present in the supplied data). … Detailed patch versions, workarounds, and compensating controls in full report. |
Recommended ActionAI
Within 24 hours: Identify all systems running Oracle WebCenter Sites 12.2.1.4.0 or 14.1.2.0.0 and assess network exposure. …
Sign in for detailed remediation steps and compensating controls.
Threat intelligence, references, and detailed analysis are available after sign-in.
More in Oracle Webcenter Sites
View allRemote unauthenticated takeover of Oracle WebCenter Sites 12.2.1.4.0 and 14.1.2.0.0 is possible over HTTP, with a maximu
Remote takeover of Oracle WebCenter Sites 12.2.1.4.0 and 14.1.2.0.0 is possible by unauthenticated network attackers ove
Remote unauthenticated takeover of Oracle WebCenter Sites 12.2.1.4.0 and 14.1.2.0.0 is possible over HTTP, with the vend
Unauthenticated remote takeover of Oracle WebCenter Sites 12.2.1.4.0 and 14.1.2.0.0 is possible via HTTP, allowing attac
Remote takeover of Oracle WebCenter Sites 12.2.1.4.0 and 14.1.2.0.0 is possible by unauthenticated attackers over HTTP,
Remote code execution and full product takeover affects Oracle WebCenter Sites 14.1.2.0.0 within Oracle Fusion Middlewar
Remote takeover of Oracle WebCenter Sites versions 12.2.1.4.0 and 14.1.2.0.0 allows unauthenticated network attackers to
Unauthenticated remote compromise of Oracle WebCenter Sites 12.2.1.4.0 and 14.1.2.0.0 is possible via HTTP, allowing att
Account takeover in Oracle WebCenter Sites 12.2.1.4.0 and 14.1.2.0.0 allows a low-privileged remote attacker with HTTP a
Takeover of Oracle WebCenter Sites 12.2.1.4.0 and 14.1.2.0.0 is possible when a low-privileged attacker with HTTP networ
Same technique Information Disclosure
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-37314