Severity by source
AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N
Reachable over HTTP without credentials (AV:N/AC:L/PR:N), needs a logged-in victim to act (UI:R), crosses trust boundary into other Fusion Middleware (S:C), full read/write of data, no availability impact.
Primary rating from Vendor (oracle).
CVSS Vector (Vendor: oracle)
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N
Description (CVE.org)
Vulnerability in the Oracle WebCenter Content product of Oracle Fusion Middleware (component: Content Server). The supported version that is affected is 14.1.2.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebCenter Content. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle WebCenter Content, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle WebCenter Content accessible data as well as unauthorized access to critical data or complete access to all Oracle WebCenter Content accessible data. CVSS 3.1 Base Score 9.3 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N).
Analysis (AI)
Cross-component compromise of Oracle WebCenter Content 14.1.2.0.0 (Content Server) allows a remote unauthenticated attacker to read, create, modify, or delete all data accessible to the product after coaxing a victim into a single interaction over HTTP. The scope-changed nature means the impact extends beyond WebCenter Content into other Fusion Middleware components sharing trust with it. …
Attack Chain (AI, derived)
Hypothetical attack flow derived from CVE metadata
Vulnerability Assessment (AI)
| Exploitation | Attacker must be able to reach the Content Server's HTTP interface over the network (default WebCenter Content deployment exposes this) and must lure an already-authenticated WebCenter Content user - typically an administrator or content manager whose session permits the privileged operations enabling the scope change - into interacting with attacker-controlled content such as opening a crafted URL or visiting a malicious page. … Additional conditions and limiting factors are described in the full assessment. |
| Risk Assessment | The CVSS 3.1 vector AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N tells a specific story: trivially reachable over the network with no credentials, but exploitation hinges on a victim user performing an action (UI:R), and the payoff is total data confidentiality and integrity loss across a wider trust boundary (S:C) with no service disruption. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in. |
| Exploit Scenario | An attacker hosts a malicious page or sends a crafted link to a WebCenter Content user who already holds an active Content Server session in their browser; when the victim opens it, the page issues HTTP requests to Content Server that execute or read content under the victim's privileges. Because the vulnerability has a scope change, the resulting actions also impact data in adjacent Fusion Middleware components trusting WebCenter, enabling theft or tampering of business documents. … |
| Remediation | Apply the fixes shipped in Oracle's Critical Patch Update of June 2026 for Oracle Fusion Middleware / WebCenter Content 14.1.2.0.0 as documented at https://www.oracle.com/security-alerts/cspujun2026.html - exact patch identifier should be taken from that advisory as it is not enumerated in the input data. … Detailed patch versions, workarounds, and compensating controls in full report. |
Recommended Action (AI)
Within 24 hours: Identify all Oracle WebCenter Content 14.1.2.0.0 deployments; restrict HTTP access via firewall rules to trusted networks only; enable comprehensive audit logging for all content operations. …
EUVD-2026-37303