Severity by source
AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
Vendor description confirms unauthenticated HTTP exploitation with no user interaction, scope change to other Fusion Middleware products, and full takeover impacting confidentiality, integrity, and availability.
Primary rating from Vendor (oracle).
CVSS VectorVendor: oracle
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
Lifecycle Timeline
1DescriptionCVE.org
Vulnerability in the Oracle WebCenter Portal product of Oracle Fusion Middleware (component: Security Framework). Supported versions that are affected are 12.2.1.4.0 and 14.1.2.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebCenter Portal. While the vulnerability is in Oracle WebCenter Portal, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in takeover of Oracle WebCenter Portal. CVSS 3.1 Base Score 10.0 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H).
AnalysisAI
Unauthenticated remote takeover of Oracle WebCenter Portal versions 12.2.1.4.0 and 14.1.2.0.0 is possible over HTTP via a flaw in the Security Framework component, with a scope change extending impact to additional Oracle Fusion Middleware products. The maximum CVSS 3.1 score of 10.0 reflects network-reachable exploitation with no authentication or user interaction and full confidentiality, integrity, and availability loss; no public exploit identified at time of analysis, but the trivial attack profile makes this a top-priority patch.
Technical ContextAI
Oracle WebCenter Portal is an enterprise portal platform within the Oracle Fusion Middleware stack used to build intranets, extranets, and composite web applications, often integrated with WebLogic Server, Oracle Identity Management, and back-end content systems. The flaw resides in the product's Security Framework, the layer responsible for authentication, authorization, and identity propagation across portal services, meaning the very component meant to enforce trust boundaries is the one being bypassed. While Oracle did not publish a CWE, the combination of unauthenticated network exploitability with a scope change is consistent with an authentication bypass or broken access control class issue (CWE-287/CWE-862-family) that lets an external HTTP requester reach privileged portal operations and pivot into downstream Fusion Middleware components.
RemediationAI
Apply the patches delivered in the Oracle Critical Patch Update advisory of June 2026 (https://www.oracle.com/security-alerts/cspujun2026.html) for Oracle WebCenter Portal 12.2.1.4.0 and 14.1.2.0.0; Oracle CPU bundles are the only vendor-released fix path and must be staged on a non-production environment first because Fusion Middleware patching often requires OPatch, domain restarts, and revalidation of customized portal applications. Until patching is complete, restrict network exposure of the WebCenter Portal HTTP/HTTPS endpoints to trusted networks via a WAF or reverse proxy ACL, monitor portal access logs for anomalous unauthenticated requests to Security Framework endpoints, and where feasible take internet-facing portal instances offline - accepting the trade-off that legitimate external users (extranet partners, remote employees) will lose access until the CPU is applied. Do not rely on disabling individual portal features as a substitute, since the flaw is in the cross-cutting Security Framework rather than an optional module.
More in Oracle Webcenter Portal
View allComplete takeover of Oracle WebCenter Portal 12.2.1.4.0 and 14.1.2.0.0 is achievable by unauthenticated remote attackers
Account takeover in Oracle WebCenter Portal 12.2.1.4.0 and 14.1.2.0.0 (Fusion Middleware, Runtime Tools component) allow
Account takeover in Oracle WebCenter Portal 12.2.1.4.0 and 14.1.2.0.0 allows an authenticated low-privileged attacker to
Account/portal takeover in Oracle WebCenter Portal 12.2.1.4.0 and 14.1.2.0.0 allows a low-privileged remote attacker to
Takeover of Oracle WebCenter Portal 12.2.1.4.0 and 14.1.2.0.0 is achievable by a low-privileged remote attacker over HTT
Account takeover in Oracle WebCenter Portal 12.2.1.4.0 and 14.1.2.0.0 allows a low-privileged attacker with HTTP network
Privilege escalation to full takeover in Oracle WebCenter Portal 12.2.1.4.0 and 14.1.2.0.0 allows a low-privileged authe
Privilege escalation and full takeover of Oracle WebCenter Portal 12.2.1.4.0 and 14.1.2.0.0 is achievable by a low-privi
Remote unauthenticated takeover of Oracle WebCenter Portal 12.2.1.4.0 and 14.1.2.0.0 is possible via the Security Framew
Same technique Authentication Bypass
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-37321