Severity by source
AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
Network-reachable HTTPS endpoint with low complexity, requires a low-privilege portal account (PR:L), no user interaction, and Oracle explicitly calls out scope change with full takeover impact.
Primary rating from Vendor (oracle).
CVSS VectorVendor: oracle
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
Lifecycle Timeline
1DescriptionCVE.org
Vulnerability in the Oracle WebCenter Portal product of Oracle Fusion Middleware (component: Security Framework). Supported versions that are affected are 12.2.1.4.0 and 14.1.2.0.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTPS to compromise Oracle WebCenter Portal. While the vulnerability is in Oracle WebCenter Portal, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in takeover of Oracle WebCenter Portal. CVSS 3.1 Base Score 9.9 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H).
AnalysisAI
Account/portal takeover in Oracle WebCenter Portal 12.2.1.4.0 and 14.1.2.0.0 allows a low-privileged remote attacker to compromise the product over HTTPS with low attack complexity, and because the scope changes the impact extends beyond WebCenter Portal itself to additional integrated Fusion Middleware components. The flaw, disclosed in Oracle's June 2026 Critical Patch Update, carries a CVSS 3.1 base score of 9.9 with full confidentiality, integrity, and availability impact. …
Unlock full vulnerability intelligence
- Risk assessment & exploitation conditions
- Attack chain visualization
- Remediation with exact patch versions
- Threat intelligence from 22 sources
- Personal watchlist & email alerts
Free forever · No credit card required
Attack ChainAIDerived
Hypothetical attack flow derived from CVE metadata
Vulnerability AssessmentAI
| Exploitation | The attacker must hold valid low-privilege credentials to the Oracle WebCenter Portal instance (PR:L) and must be able to reach its HTTPS interface over the network; no user interaction is required and no non-default configuration is called out by Oracle, so any standard deployment of WebCenter Portal 12.2.1.4.0 or 14.1.2.0.0 exposed to a population of authenticated users is in scope. … Additional conditions and limiting factors are described in the full assessment. |
| Risk Assessment | The CVSS 3.1 vector AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H is internally consistent with the description: any authenticated portal user - a population that is often large and loosely vetted in collaborative deployments - can reach the bug over HTTPS, and a scope change with H/H/H impact gives this real teeth. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in. |
| Exploit Scenario | An attacker obtains or registers a low-privilege portal account (for example via an extranet self-service flow, a phished employee credential, or an over-permissioned partner account), authenticates to the WebCenter Portal HTTPS endpoint, and sends a crafted request that abuses the Security Framework to elevate to administrative control of the portal. Because the scope changes, the attacker then leverages the portal's trust relationship to act against integrated Fusion Middleware components - reading or modifying content in WebCenter Content, harvesting identity data, or pivoting into back-end systems. … |
| Remediation | Apply the Oracle Critical Patch Update from June 2026 referenced at https://www.oracle.com/security-alerts/cspujun2026.html to both affected branches (12.2.1.4.0 and 14.1.2.0.0); Oracle CPUs are cumulative, so install the latest bundle patch for your branch rather than picking individual fixes. … Detailed patch versions, workarounds, and compensating controls in full report. |
Recommended ActionAI
24 hours: Inventory all systems running WebCenter Portal 12.2.1.4.0 or 14.1.2.0.0; assess current low-privileged portal user population; verify network segmentation between WebCenter Portal and critical Fusion Middleware systems. …
Sign in for detailed remediation steps and compensating controls.
Threat intelligence, references, and detailed analysis are available after sign-in.
More in Oracle Webcenter Portal
View allComplete takeover of Oracle WebCenter Portal 12.2.1.4.0 and 14.1.2.0.0 is achievable by unauthenticated remote attackers
Unauthenticated remote takeover of Oracle WebCenter Portal versions 12.2.1.4.0 and 14.1.2.0.0 is possible over HTTP via
Account takeover in Oracle WebCenter Portal 12.2.1.4.0 and 14.1.2.0.0 (Fusion Middleware, Runtime Tools component) allow
Account takeover in Oracle WebCenter Portal 12.2.1.4.0 and 14.1.2.0.0 allows an authenticated low-privileged attacker to
Takeover of Oracle WebCenter Portal 12.2.1.4.0 and 14.1.2.0.0 is achievable by a low-privileged remote attacker over HTT
Account takeover in Oracle WebCenter Portal 12.2.1.4.0 and 14.1.2.0.0 allows a low-privileged attacker with HTTP network
Privilege escalation to full takeover in Oracle WebCenter Portal 12.2.1.4.0 and 14.1.2.0.0 allows a low-privileged authe
Privilege escalation and full takeover of Oracle WebCenter Portal 12.2.1.4.0 and 14.1.2.0.0 is achievable by a low-privi
Remote unauthenticated takeover of Oracle WebCenter Portal 12.2.1.4.0 and 14.1.2.0.0 is possible via the Security Framew
Same weakness CWE-284 – Improper Access Control
View allSame technique Authentication Bypass
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-37336