Skip to main content

Oracle WebCenter Enterprise Capture EUVDEUVD-2026-37409

| CVE-2026-35280 CRITICAL
Improper Access Control (CWE-284)
2026-06-16 oracle
9.9
CVSS 3.1 · Vendor: oracle
Share

Severity by source

Vendor (oracle) PRIMARY
9.9 CRITICAL
AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
vuln.today AI
9.9 CRITICAL

Network-reachable T3/IIOP (AV:N), Oracle-rated easy exploitation (AC:L), requires any valid low-priv principal (PR:L), no interaction (UI:N), explicit scope change with full takeover (S:C/C:H/I:H/A:H).

3.1 AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
4.0 AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H

Primary rating from Vendor (oracle).

CVSS VectorVendor: oracle

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Changed
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

1
Analysis Generated
Jun 16, 2026 - 21:24 vuln.today

DescriptionCVE.org

Vulnerability in the Oracle WebCenter Enterprise Capture product of Oracle Fusion Middleware (component: Client Bundle). Supported versions that are affected are 12.2.1.4.0 and 14.1.2.0.0. Easily exploitable vulnerability allows low privileged attacker with network access via T3, IIOP to compromise Oracle WebCenter Enterprise Capture. While the vulnerability is in Oracle WebCenter Enterprise Capture, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in takeover of Oracle WebCenter Enterprise Capture. CVSS 3.1 Base Score 9.9 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H).

AnalysisAI

Remote takeover of Oracle WebCenter Enterprise Capture 12.2.1.4.0 and 14.1.2.0.0 is achievable by a low-privileged attacker reaching the T3 or IIOP listeners, with a scope change that lets the compromise propagate to other Fusion Middleware components. CVSS 3.1 is rated 9.9 due to high confidentiality, integrity, and availability impact across a changed scope, and no public exploit identified at time of analysis. …

Unlock full vulnerability intelligence

  • Risk assessment & exploitation conditions
  • Attack chain visualization
  • Remediation with exact patch versions
  • Threat intelligence from 22 sources
  • Personal watchlist & email alerts

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Recon
Obtain low-privileged WebLogic credential
Delivery
Reach T3/IIOP listener on Capture host
Exploit
Send crafted Client Bundle request
Install
Abuse Capture server-side handling
C2
Execute code in Capture JVM
Execute
Pivot via scope change to adjacent Fusion Middleware
Impact
Full Capture takeover

Vulnerability AssessmentAI

Exploitation Attacker must reach the Oracle WebLogic T3 or IIOP listener of the WebCenter Enterprise Capture managed server (typically TCP 7001/7002 or the IIOP equivalent) and must already hold a low-privileged authenticated principal on the WebLogic/Capture domain (PR:L). … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment All available signals converge on a high real-world priority. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario An attacker who obtains any low-privileged WebLogic or Capture account (e.g., via phishing, credential reuse, or a foothold on an adjacent internal host) opens a T3 or IIOP connection to the WebCenter Capture managed server and submits a crafted Client Bundle request that abuses the flaw to execute attacker-controlled logic in the server JVM. Because the CVSS vector includes S:C, the attacker can pivot beyond Capture into other co-hosted Fusion Middleware components, ultimately achieving full takeover of the Capture instance and impacting adjacent services. …
Remediation Apply Patch available per vendor advisory by installing the fixes for Oracle WebCenter Enterprise Capture shipped in the Oracle Critical Patch Update of June 2026 (https://www.oracle.com/security-alerts/cspujun2026.html); Oracle does not publish a discrete fixed semver in the description, so consult the CPU patch matrix for the exact PSU/CPU identifier matching your 12.2.1.4.0 or 14.1.2.0.0 deployment. … Detailed patch versions, workarounds, and compensating controls in full report.

Recommended ActionAI

Within 24 hours: Identify and inventory all Oracle WebCenter Enterprise Capture instances (12.2.1.4.0 and 14.1.2.0.0); assess network accessibility and restrict T3/IIOP listener access from untrusted networks. …

Sign in for detailed remediation steps and compensating controls.

Threat intelligence, references, and detailed analysis are available after sign-in.

Share

EUVD-2026-37409 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy