Severity by source
AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N
Network-reachable HTTP endpoint with no attacker authentication (AV:N/AC:L/PR:N); requires victim interaction (UI:R); scope change, so the impact reaches other Oracle products (S:C); high confidentiality and integrity impact with no availability impact (C:H/I:H/A:N).
Primary rating from Vendor (oracle).
CVSS vector (vendor: oracle):
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N
Description (CVE.org)
Vulnerability in the Oracle WebCenter Content product of Oracle Fusion Middleware (component: Content Server). The supported version that is affected is 14.1.2.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebCenter Content. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle WebCenter Content, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle WebCenter Content accessible data as well as unauthorized access to critical data or complete access to all Oracle WebCenter Content accessible data. CVSS 3.1 Base Score 9.3 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N).
Analysis (AI)
A vulnerability in Oracle WebCenter Content 14.1.2.0.0 (Fusion Middleware Content Server) lets a remote, unauthenticated attacker who can induce a victim's browser to send requests gain high-impact read and write access to all WebCenter Content data; the scope change (S:C) extends the impact to additional Oracle products. The CVSS 3.1 base score is 9.3 on a scope-changed vector that requires user interaction (UI:R), and no public exploit was identified at the time of analysis.
Attack Chain (AI-derived): hypothetical attack flow derived from CVE metadata.
Vulnerability Assessment (AI)

| Aspect | Assessment |
|---|---|
| Exploitation | Requires (1) a reachable Oracle WebCenter Content 14.1.2.0.0 Content Server instance over HTTP/HTTPS, and (2) human interaction from a user other than the attacker (UI:R): typically a currently authenticated WebCenter Content user, most impactfully an administrator or contributor, who must follow an attacker-supplied link or load attacker content in their browser. … |
| Risk Assessment | Signals are mixed but lean toward high real-world risk: CVSS 3.1 is 9.3 with AV:N/AC:L/PR:N and a scope change (S:C) reflecting cross-product blast radius, and Oracle itself rates the flaw "easily exploitable". UI:R is the principal limiter: a logged-in user (likely a content author or administrator with an active session) must be lured into clicking or visiting attacker content, which moves this away from worm-style mass exploitation toward phishing or watering-hole abuse against privileged operators. … |
| Exploit Scenario | An attacker emails a Content Server administrator a link to an attacker-controlled page; when the admin (already logged into WebCenter Content) visits it, the page issues a crafted HTTP request to the Content Server, which carries the victim's session and performs unauthorized reads or modifications of managed content and, due to the scope change, of data in an integrated Oracle product. No public exploit is identified at the time of analysis, but Oracle's "easily exploitable" rating suggests reliable weaponization is plausible once the patch is reverse-engineered. |
| Remediation | Apply Oracle's June 2026 Critical Patch Update for Fusion Middleware as documented at https://www.oracle.com/security-alerts/cspujun2026.html. An exact patched build string is not enumerated in the provided data, so treat this as "patch available per vendor advisory" and pull the precise patch number from My Oracle Support for WebCenter Content 14.1.2.0.0. … |
Recommended Action (AI)
Within 24 hours: Inventory all Oracle WebCenter Content 14.1.2.0.0 instances; restrict network access to administrative consoles to trusted networks; enable comprehensive audit logging of all content access and modifications. …
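The audit-logging recommendation above is only useful if someone looks at the logs for the pattern in the exploit scenario: a state-changing Content Server request that carries an authenticated session but was triggered from a foreign site. The script below is an added example, not from the page, from Oracle, or from WebCenter Content's own logging. The JSON-lines log format, its field names, the trusted origin `https://wcc.example.com` and the sample lines are all constructed assumptions; the undisclosed details of this vulnerability are not modelled, only the generic cross-origin session-riding pattern the scenario describes.

```python
"""Flag authenticated, state-changing Content Server requests whose Origin or
Referer points at a foreign site (the session-riding pattern in the exploit
scenario). Added example: log format, field names, hostnames and sample lines
are assumptions, not WebCenter Content's own log format."""
import json
from urllib.parse import urlsplit

# Origins allowed to issue authenticated write requests (assumed).
TRUSTED_ORIGINS = {"https://wcc.example.com"}
# Methods treated as state-changing; a GET read ridden cross-site does not
# leak its response to the attacker's page, so it is not flagged here.
STATE_CHANGING = {"POST", "PUT", "PATCH", "DELETE"}

# Constructed sample log (one JSON object per line, as a reverse proxy could emit).
# "session" means the request carried a valid Content Server session cookie.
SAMPLE_LOG = """\
{"ts":"2026-06-17T09:00:01Z","client":"10.0.0.5","method":"POST","path":"/cs/idcplg","status":200,"origin":"https://wcc.example.com","referer":"https://wcc.example.com/cs/idcplg","session":true}
{"ts":"2026-06-17T09:00:07Z","client":"10.0.0.5","method":"POST","path":"/cs/idcplg","status":200,"origin":"https://attacker.example","referer":"https://attacker.example/lure.html","session":true}
{"ts":"2026-06-17T09:00:09Z","client":"10.0.0.5","method":"GET","path":"/cs/idcplg","status":200,"origin":null,"referer":"https://attacker.example/lure.html","session":true}
{"ts":"2026-06-17T09:00:12Z","client":"10.0.0.5","method":"POST","path":"/cs/idcplg","status":302,"origin":null,"referer":"https://attacker.example/lure.html","session":true}
{"ts":"2026-06-17T09:00:15Z","client":"10.0.0.9","method":"POST","path":"/cs/idcplg","status":200,"origin":null,"referer":null,"session":true}
{"ts":"2026-06-17T09:00:20Z","client":"198.51.100.7","method":"POST","path":"/cs/idcplg","status":401,"origin":"https://attacker.example","referer":null,"session":false}
"""


def origin_of(url):
    """Reduce a URL to its lowercased scheme://host[:port] origin; None if absent or unparseable."""
    if not url:
        return None
    parts = urlsplit(url)
    if not parts.scheme or not parts.netloc:
        return None
    return f"{parts.scheme}://{parts.netloc}".lower()


def classify(entry, trusted=TRUSTED_ORIGINS):
    """Return (severity, reason) for one parsed log entry, or None if it looks benign."""
    if entry["method"].upper() not in STATE_CHANGING or not entry.get("session"):
        return None  # only authenticated writes can ride the victim's session
    raw_origin = entry.get("origin")
    # Browsers send the literal "null" for opaque origins (sandboxed frames,
    # some privacy settings); that is never one of our trusted origins.
    if raw_origin and raw_origin.strip().lower() == "null":
        return ("high", "Origin: null (opaque origin)")
    origin = origin_of(raw_origin)
    if origin is not None:
        return None if origin in trusted else ("high", f"foreign Origin {origin}")
    # No Origin header (older client or stripped): fall back to Referer.
    referer = origin_of(entry.get("referer"))
    if referer is not None:
        return None if referer in trusted else ("high", f"foreign Referer {referer}")
    # Neither header: browsers normally send Origin on cross-site POSTs, so this
    # is more likely a non-browser client; keep it as a low-severity signal.
    return ("low", "authenticated write with no Origin or Referer")


def find_cross_origin_writes(log_text, trusted=TRUSTED_ORIGINS):
    """Scan JSON-lines log text and return the suspicious entries with line numbers."""
    findings = []
    for lineno, line in enumerate(log_text.splitlines(), 1):
        if not line.strip():
            continue
        entry = json.loads(line)
        verdict = classify(entry, trusted)
        if verdict:
            severity, reason = verdict
            findings.append({"line": lineno, "client": entry["client"],
                             "path": entry["path"], "severity": severity,
                             "reason": reason})
    return findings


if __name__ == "__main__":
    for f in find_cross_origin_writes(SAMPLE_LOG):
        print(f"line {f['line']}: [{f['severity']}] {f['client']} {f['path']} - {f['reason']}")
```

Against the constructed sample the script flags the cross-origin POST with a foreign Origin, the POST whose Origin was stripped but whose Referer is foreign, and, at low severity, the POST with neither header; it ignores the same-origin POST, the cross-site GET and the unauthenticated request. Origin is checked before Referer because browsers attach it to every cross-site POST while Referer is routinely stripped by referrer policies; the "low" class will also catch scripted API clients with session cookies, so tune it against a baseline before alerting on it.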
EUVD-2026-37313