Severity by source
AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
Vendor description confirms unauthenticated HTTP exploitation with no user interaction, scope change to other Fusion Middleware products, and full takeover impacting confidentiality, integrity, and availability.
Primary rating from Vendor (oracle).
CVSS VectorVendor: oracle
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
Lifecycle Timeline
1DescriptionCVE.org
Vulnerability in the Oracle WebCenter Portal product of Oracle Fusion Middleware (component: Security Framework). Supported versions that are affected are 12.2.1.4.0 and 14.1.2.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebCenter Portal. While the vulnerability is in Oracle WebCenter Portal, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in takeover of Oracle WebCenter Portal. CVSS 3.1 Base Score 10.0 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H).
AnalysisAI
Unauthenticated remote takeover of Oracle WebCenter Portal versions 12.2.1.4.0 and 14.1.2.0.0 is possible over HTTP via a flaw in the Security Framework component, with a scope change extending impact to additional Oracle Fusion Middleware products. The maximum CVSS 3.1 score of 10.0 reflects network-reachable exploitation with no authentication or user interaction and full confidentiality, integrity, and availability loss; no public exploit identified at time of analysis, but the trivial attack profile makes this a top-priority patch.
Unlock full vulnerability intelligence
- Risk assessment & exploitation conditions
- Attack chain visualization
- Remediation with exact patch versions
- Threat intelligence from 22 sources
- Personal watchlist & email alerts
Free forever · No credit card required
Attack ChainAIDerived
Hypothetical attack flow derived from CVE metadata
Vulnerability AssessmentAI
| Exploitation | No special conditions - remote unauthenticated exploitation against default configurations of Oracle WebCenter Portal 12.2.1.4.0 or 14.1.2.0.0 over HTTP, with no user interaction required, per the AV:N/AC:L/PR:N/UI:N vector. … Additional conditions and limiting factors are described in the full assessment. |
| Risk Assessment | Every available signal points to maximum severity: CVSS 3.1 vector AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H yields the rare 10.0 ceiling, indicating remote, low-complexity, unauthenticated, no-user-interaction exploitation with scope change and total CIA impact. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in. |
| Exploit Scenario | An external attacker scans the internet for Oracle WebCenter Portal login pages, identifies a vulnerable 12.2.1.4.0 or 14.1.2.0.0 instance by fingerprinting response headers and static assets, and sends a single crafted HTTP request to a Security Framework endpoint that bypasses authentication. Because the CVSS scope change extends impact beyond the portal, the attacker uses the resulting takeover to harvest stored credentials, identity tokens, and integration secrets, then pivots into connected Fusion Middleware components such as WebLogic-hosted applications and back-end content repositories. … |
| Remediation | Apply the patches delivered in the Oracle Critical Patch Update advisory of June 2026 (https://www.oracle.com/security-alerts/cspujun2026.html) for Oracle WebCenter Portal 12.2.1.4.0 and 14.1.2.0.0; Oracle CPU bundles are the only vendor-released fix path and must be staged on a non-production environment first because Fusion Middleware patching often requires OPatch, domain restarts, and revalidation of customized portal applications. … Detailed patch versions, workarounds, and compensating controls in full report. |
Recommended ActionAI
Within 24 hours: Inventory all Oracle WebCenter Portal 12.2.1.4.0 and 14.1.2.0.0 instances; document network exposure (internet-facing, DMZ, internal); correlate with access logs for suspicious activity. …
Sign in for detailed remediation steps and compensating controls.
Threat intelligence, references, and detailed analysis are available after sign-in.
More in Oracle Webcenter Portal
View allComplete takeover of Oracle WebCenter Portal 12.2.1.4.0 and 14.1.2.0.0 is achievable by unauthenticated remote attackers
Account takeover in Oracle WebCenter Portal 12.2.1.4.0 and 14.1.2.0.0 (Fusion Middleware, Runtime Tools component) allow
Account takeover in Oracle WebCenter Portal 12.2.1.4.0 and 14.1.2.0.0 allows an authenticated low-privileged attacker to
Account/portal takeover in Oracle WebCenter Portal 12.2.1.4.0 and 14.1.2.0.0 allows a low-privileged remote attacker to
Takeover of Oracle WebCenter Portal 12.2.1.4.0 and 14.1.2.0.0 is achievable by a low-privileged remote attacker over HTT
Account takeover in Oracle WebCenter Portal 12.2.1.4.0 and 14.1.2.0.0 allows a low-privileged attacker with HTTP network
Privilege escalation to full takeover in Oracle WebCenter Portal 12.2.1.4.0 and 14.1.2.0.0 allows a low-privileged authe
Privilege escalation and full takeover of Oracle WebCenter Portal 12.2.1.4.0 and 14.1.2.0.0 is achievable by a low-privi
Remote unauthenticated takeover of Oracle WebCenter Portal 12.2.1.4.0 and 14.1.2.0.0 is possible via the Security Framew
Same technique Authentication Bypass
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-37321