Oracle Webcenter Enterprise Capture
Monthly
Remote takeover of Oracle WebCenter Enterprise Capture (versions 12.2.1.4.0 and 14.1.2.0.0) is possible by a low-privileged attacker with HTTP access to the Client Bundle component, with scope change extending impact to other Oracle Fusion Middleware products. CVSS 9.9 reflects easy exploitation with full confidentiality, integrity, and availability impact. No public exploit identified at time of analysis, and the issue is not currently listed in CISA KEV.
Remote unauthenticated takeover of Oracle WebCenter Enterprise Capture 12.2.1.4.0 and 14.1.2.0.0 is possible via the RMI-based Client Bundle component, with a maximum CVSS 3.1 score of 10.0 due to a scope change that impacts additional products. Oracle's June 2026 CPU advisory is the authoritative source, and no public exploit identified at time of analysis, though the AV:N/AC:L/PR:N/UI:N profile makes weaponization plausible once technical details emerge.
Takeover of Oracle WebCenter Enterprise Capture is achievable by a low-privileged remote attacker via the T3 protocol in the Client Bundle component, affecting versions 12.2.1.4.0 and 14.1.2.0.0. The flaw carries a CVSS 3.1 base score of 9.9 with a scope change, meaning successful exploitation can significantly impact additional adjacent products beyond the vulnerable component. No public exploit identified at time of analysis, and the vulnerability is not listed in CISA KEV.
Remote takeover of Oracle WebCenter Enterprise Capture (versions 12.2.1.4.0 and 14.1.2.0.0) is possible via the Client Bundle component over RMI, allowing unauthenticated network attackers to fully compromise the product and pivot into other Fusion Middleware components due to a CVSS scope change. With a maximum 10.0 CVSS score, low attack complexity, and no privileges or user interaction required, this is a top-priority issue, though no public exploit identified at time of analysis. Oracle disclosed the issue in its June 2026 Critical Patch Update.
Authenticated takeover of Oracle WebCenter Enterprise Capture (12.2.1.4.0 and 14.1.2.0.0) is achievable by a low-privileged remote attacker reaching the server via T3 or IIOP protocols, with scope change allowing impact on adjacent products in the Fusion Middleware stack. The CVSS 3.1 base score of 9.9 reflects full confidentiality, integrity, and availability compromise with low attack complexity, and no public exploit identified at time of analysis.
Remote takeover of Oracle WebCenter Enterprise Capture 12.2.1.4.0 and 14.1.2.0.0 is possible by a low-privileged attacker who can reach the server's T3 or IIOP listener, with a scope change extending impact to additional Fusion Middleware components. Oracle rates the flaw CVSS 9.9 with full confidentiality, integrity, and availability impact; no public exploit identified at time of analysis and the CVE is not currently in CISA KEV.
Remote takeover of Oracle WebCenter Enterprise Capture 12.2.1.4.0 and 14.1.2.0.0 is possible via the Client Bundle component, where a low-privileged attacker with T3/IIOP network access can fully compromise the product with a scope-changed impact on adjacent Fusion Middleware components. The 9.9 CVSS score reflects easy exploitability with high confidentiality, integrity, and availability impact, though there is no public exploit identified at time of analysis. Defenders should treat this as a high-priority patching item given the trivial complexity and broad WebLogic protocol exposure typical of Oracle Fusion Middleware deployments.
Remote takeover of Oracle WebCenter Enterprise Capture (versions 12.2.1.4.0 and 14.1.2.0.0) is possible by a low-privileged attacker reaching the T3 or IIOP protocol endpoints, with a scope change that lets the attack significantly impact additional adjacent products. With a CVSS 3.1 score of 9.9 and high confidentiality, integrity, and availability impact, the flaw resides in the Client Bundle component of Oracle Fusion Middleware. No public exploit identified at time of analysis, and the issue is not on the CISA KEV list.
Account takeover of Oracle WebCenter Enterprise Capture (12.2.1.4.0 and 14.1.2.0.0) is achievable by a low-privileged attacker with network access to the T3 or IIOP protocols. The CVSS 9.9 score reflects a scope-changing flaw in the Client Bundle component that can pivot beyond the originally compromised product, with full impact on confidentiality, integrity, and availability. No public exploit identified at time of analysis, but Oracle's own CPU advisory confirms the issue and the low attack complexity makes it a high-priority patching target.
Remote takeover of Oracle WebCenter Enterprise Capture 12.2.1.4.0 and 14.1.2.0.0 is achievable by a low-privileged attacker reaching the T3 or IIOP listeners, with a scope change that lets the compromise propagate to other Fusion Middleware components. CVSS 3.1 is rated 9.9 due to high confidentiality, integrity, and availability impact across a changed scope, and no public exploit identified at time of analysis. The flaw resides in the Client Bundle component of this document-capture product and is fixed in Oracle's June 2026 Critical Patch Update.
Remote takeover of Oracle WebCenter Enterprise Capture (versions 12.2.1.4.0 and 14.1.2.0.0) is possible by a low-privileged attacker with HTTP access to the Client Bundle component, with scope change extending impact to other Oracle Fusion Middleware products. CVSS 9.9 reflects easy exploitation with full confidentiality, integrity, and availability impact. No public exploit identified at time of analysis, and the issue is not currently listed in CISA KEV.
Remote unauthenticated takeover of Oracle WebCenter Enterprise Capture 12.2.1.4.0 and 14.1.2.0.0 is possible via the RMI-based Client Bundle component, with a maximum CVSS 3.1 score of 10.0 due to a scope change that impacts additional products. Oracle's June 2026 CPU advisory is the authoritative source, and no public exploit identified at time of analysis, though the AV:N/AC:L/PR:N/UI:N profile makes weaponization plausible once technical details emerge.
Takeover of Oracle WebCenter Enterprise Capture is achievable by a low-privileged remote attacker via the T3 protocol in the Client Bundle component, affecting versions 12.2.1.4.0 and 14.1.2.0.0. The flaw carries a CVSS 3.1 base score of 9.9 with a scope change, meaning successful exploitation can significantly impact additional adjacent products beyond the vulnerable component. No public exploit identified at time of analysis, and the vulnerability is not listed in CISA KEV.
Remote takeover of Oracle WebCenter Enterprise Capture (versions 12.2.1.4.0 and 14.1.2.0.0) is possible via the Client Bundle component over RMI, allowing unauthenticated network attackers to fully compromise the product and pivot into other Fusion Middleware components due to a CVSS scope change. With a maximum 10.0 CVSS score, low attack complexity, and no privileges or user interaction required, this is a top-priority issue, though no public exploit identified at time of analysis. Oracle disclosed the issue in its June 2026 Critical Patch Update.
Authenticated takeover of Oracle WebCenter Enterprise Capture (12.2.1.4.0 and 14.1.2.0.0) is achievable by a low-privileged remote attacker reaching the server via T3 or IIOP protocols, with scope change allowing impact on adjacent products in the Fusion Middleware stack. The CVSS 3.1 base score of 9.9 reflects full confidentiality, integrity, and availability compromise with low attack complexity, and no public exploit identified at time of analysis.
Remote takeover of Oracle WebCenter Enterprise Capture 12.2.1.4.0 and 14.1.2.0.0 is possible by a low-privileged attacker who can reach the server's T3 or IIOP listener, with a scope change extending impact to additional Fusion Middleware components. Oracle rates the flaw CVSS 9.9 with full confidentiality, integrity, and availability impact; no public exploit identified at time of analysis and the CVE is not currently in CISA KEV.
Remote takeover of Oracle WebCenter Enterprise Capture 12.2.1.4.0 and 14.1.2.0.0 is possible via the Client Bundle component, where a low-privileged attacker with T3/IIOP network access can fully compromise the product with a scope-changed impact on adjacent Fusion Middleware components. The 9.9 CVSS score reflects easy exploitability with high confidentiality, integrity, and availability impact, though there is no public exploit identified at time of analysis. Defenders should treat this as a high-priority patching item given the trivial complexity and broad WebLogic protocol exposure typical of Oracle Fusion Middleware deployments.
Remote takeover of Oracle WebCenter Enterprise Capture (versions 12.2.1.4.0 and 14.1.2.0.0) is possible by a low-privileged attacker reaching the T3 or IIOP protocol endpoints, with a scope change that lets the attack significantly impact additional adjacent products. With a CVSS 3.1 score of 9.9 and high confidentiality, integrity, and availability impact, the flaw resides in the Client Bundle component of Oracle Fusion Middleware. No public exploit identified at time of analysis, and the issue is not on the CISA KEV list.
Account takeover of Oracle WebCenter Enterprise Capture (12.2.1.4.0 and 14.1.2.0.0) is achievable by a low-privileged attacker with network access to the T3 or IIOP protocols. The CVSS 9.9 score reflects a scope-changing flaw in the Client Bundle component that can pivot beyond the originally compromised product, with full impact on confidentiality, integrity, and availability. No public exploit identified at time of analysis, but Oracle's own CPU advisory confirms the issue and the low attack complexity makes it a high-priority patching target.
Remote takeover of Oracle WebCenter Enterprise Capture 12.2.1.4.0 and 14.1.2.0.0 is achievable by a low-privileged attacker reaching the T3 or IIOP listeners, with a scope change that lets the compromise propagate to other Fusion Middleware components. CVSS 3.1 is rated 9.9 due to high confidentiality, integrity, and availability impact across a changed scope, and no public exploit identified at time of analysis. The flaw resides in the Client Bundle component of this document-capture product and is fixed in Oracle's June 2026 Critical Patch Update.