Severity by source
AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
Network-reachable HTTPS endpoint with low complexity, requires a low-privilege portal account (PR:L), no user interaction, and Oracle explicitly calls out scope change with full takeover impact.
Primary rating from Vendor (oracle).
CVSS VectorVendor: oracle
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
Lifecycle Timeline
1DescriptionCVE.org
Vulnerability in the Oracle WebCenter Portal product of Oracle Fusion Middleware (component: Security Framework). Supported versions that are affected are 12.2.1.4.0 and 14.1.2.0.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTPS to compromise Oracle WebCenter Portal. While the vulnerability is in Oracle WebCenter Portal, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in takeover of Oracle WebCenter Portal. CVSS 3.1 Base Score 9.9 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H).
AnalysisAI
Account/portal takeover in Oracle WebCenter Portal 12.2.1.4.0 and 14.1.2.0.0 allows a low-privileged remote attacker to compromise the product over HTTPS with low attack complexity, and because the scope changes the impact extends beyond WebCenter Portal itself to additional integrated Fusion Middleware components. The flaw, disclosed in Oracle's June 2026 Critical Patch Update, carries a CVSS 3.1 base score of 9.9 with full confidentiality, integrity, and availability impact. No public exploit identified at time of analysis, and the issue is not currently listed in CISA KEV.
Technical ContextAI
Oracle WebCenter Portal is a Java EE-based enterprise portal in the Oracle Fusion Middleware stack used to build collaborative intranets, extranets, and composite applications, typically deployed on WebLogic Server and tightly integrated with WebCenter Content, Identity Management, and back-end Oracle databases. The vulnerable component is the Security Framework, which mediates authentication, session handling, and authorization decisions for portal users; weaknesses in that layer (CWE not assigned by Oracle, but consistent with broken access control or authentication flaws) typically allow an authenticated low-privilege user to escalate privileges or perform actions reserved for portal administrators. The CPE cpe:2.3:a:oracle_corporation:oracle_webcenter_portal covers both confirmed branches, and the scope-change indicator implies the Security Framework can issue trust decisions that are honored by downstream Fusion Middleware components, explaining why successful exploitation can pivot beyond the portal itself.
RemediationAI
Apply the Oracle Critical Patch Update from June 2026 referenced at https://www.oracle.com/security-alerts/cspujun2026.html to both affected branches (12.2.1.4.0 and 14.1.2.0.0); Oracle CPUs are cumulative, so install the latest bundle patch for your branch rather than picking individual fixes. If patching must be deferred, restrict network reach to the WebCenter Portal HTTPS endpoints to trusted management networks via firewall or reverse-proxy ACLs, tighten provisioning so the low-privilege account population is minimized and disable or expire dormant portal accounts, and increase monitoring on the Security Framework audit logs and WebLogic access logs for privilege-escalation patterns - each of these reduces exposure but does not close the underlying flaw and may block legitimate self-service portal use. Patch status: vendor-released patch available per Oracle CPU June 2026; exact bundle patch identifier should be taken from the Oracle advisory matrix for your branch.
More in Oracle Webcenter Portal
View allComplete takeover of Oracle WebCenter Portal 12.2.1.4.0 and 14.1.2.0.0 is achievable by unauthenticated remote attackers
Unauthenticated remote takeover of Oracle WebCenter Portal versions 12.2.1.4.0 and 14.1.2.0.0 is possible over HTTP via
Account takeover in Oracle WebCenter Portal 12.2.1.4.0 and 14.1.2.0.0 (Fusion Middleware, Runtime Tools component) allow
Account takeover in Oracle WebCenter Portal 12.2.1.4.0 and 14.1.2.0.0 allows an authenticated low-privileged attacker to
Takeover of Oracle WebCenter Portal 12.2.1.4.0 and 14.1.2.0.0 is achievable by a low-privileged remote attacker over HTT
Account takeover in Oracle WebCenter Portal 12.2.1.4.0 and 14.1.2.0.0 allows a low-privileged attacker with HTTP network
Privilege escalation to full takeover in Oracle WebCenter Portal 12.2.1.4.0 and 14.1.2.0.0 allows a low-privileged authe
Privilege escalation and full takeover of Oracle WebCenter Portal 12.2.1.4.0 and 14.1.2.0.0 is achievable by a low-privi
Remote unauthenticated takeover of Oracle WebCenter Portal 12.2.1.4.0 and 14.1.2.0.0 is possible via the Security Framew
Same weakness CWE-284 – Improper Access Control
View allSame technique Authentication Bypass
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-37336