Severity by source
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Oracle's description of unauthenticated HTTPS exploitation resulting in full portal takeover justifies AV:N/AC:L/PR:N/UI:N with high C/I/A impact and unchanged scope.
Primary rating from Vendor (oracle).
CVSS VectorVendor: oracle
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Lifecycle Timeline
1DescriptionCVE.org
Vulnerability in the Oracle WebCenter Portal product of Oracle Fusion Middleware (component: Security Framework). Supported versions that are affected are 12.2.1.4.0 and 14.1.2.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle WebCenter Portal. Successful attacks of this vulnerability can result in takeover of Oracle WebCenter Portal. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).
AnalysisAI
Remote unauthenticated takeover of Oracle WebCenter Portal 12.2.1.4.0 and 14.1.2.0.0 is possible via the Security Framework component, allowing attackers to fully compromise the portal over HTTPS without credentials or user interaction. Oracle rates this 9.8 CVSS (AV:N/AC:L/PR:N/UI:N) and describes exploitation as 'easily exploitable', though there is no public exploit identified at time of analysis and it is not listed in CISA KEV.
Technical ContextAI
Oracle WebCenter Portal is an enterprise portal platform within the Oracle Fusion Middleware stack used for building intranet and extranet sites with collaboration, content, and social features. The flaw resides in the Security Framework component, which mediates authentication, authorization, and session handling for portal requests. Although Oracle did not publish a CWE, the combination of network attack vector, no privileges required, no user interaction, and 'takeover' impact is consistent with an authentication bypass or broken-access-control class weakness in the framework that brokers identity for portal services. The CPE cpe:2.3:a:oracle_corporation:oracle_webcenter_portal:*:*:*:*:*:*:*:* confirms the product scope is the WebCenter Portal application itself rather than an embedded third-party library.
RemediationAI
Apply the Oracle June 2026 Critical Patch Update for WebCenter Portal as documented at https://www.oracle.com/security-alerts/cspujun2026.html - patch availability is confirmed per vendor advisory though no standalone fix version is published outside the CPU bundle. Until the CPU can be deployed, restrict network reachability of the WebCenter Portal HTTPS endpoints to trusted networks via firewall or reverse proxy ACLs, place the portal behind a web application firewall with rules that monitor and rate-limit authentication and session-establishment endpoints exposed by the Security Framework, and increase monitoring of WebCenter authentication and admin-action logs for anomalous unauthenticated access; the trade-off is that network restrictions may break legitimate remote-user access and WAF rules without a known exploit signature can only provide generic protection rather than a precise virtual patch.
More in Oracle Webcenter Portal
View allComplete takeover of Oracle WebCenter Portal 12.2.1.4.0 and 14.1.2.0.0 is achievable by unauthenticated remote attackers
Unauthenticated remote takeover of Oracle WebCenter Portal versions 12.2.1.4.0 and 14.1.2.0.0 is possible over HTTP via
Account takeover in Oracle WebCenter Portal 12.2.1.4.0 and 14.1.2.0.0 (Fusion Middleware, Runtime Tools component) allow
Account takeover in Oracle WebCenter Portal 12.2.1.4.0 and 14.1.2.0.0 allows an authenticated low-privileged attacker to
Account/portal takeover in Oracle WebCenter Portal 12.2.1.4.0 and 14.1.2.0.0 allows a low-privileged remote attacker to
Takeover of Oracle WebCenter Portal 12.2.1.4.0 and 14.1.2.0.0 is achievable by a low-privileged remote attacker over HTT
Account takeover in Oracle WebCenter Portal 12.2.1.4.0 and 14.1.2.0.0 allows a low-privileged attacker with HTTP network
Privilege escalation to full takeover in Oracle WebCenter Portal 12.2.1.4.0 and 14.1.2.0.0 allows a low-privileged authe
Privilege escalation and full takeover of Oracle WebCenter Portal 12.2.1.4.0 and 14.1.2.0.0 is achievable by a low-privi
Same technique Authentication Bypass
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-37338