Oracle Webcenter Portal
Monthly
Account takeover in Oracle WebCenter Portal 12.2.1.4.0 and 14.1.2.0.0 (Fusion Middleware, Runtime Tools component) allows a low-privileged attacker with HTTPS network access to fully compromise the portal and, due to a scope change, impact additional downstream products. Oracle rates this 9.9 critical and the issue is described as easily exploitable; no public exploit identified at time of analysis and it is not currently listed in CISA KEV. The combination of low privilege requirement, network vector, and scope change makes any authenticated WebCenter user a credible threat for full takeover.
Complete takeover of Oracle WebCenter Portal 12.2.1.4.0 and 14.1.2.0.0 is achievable by unauthenticated remote attackers via crafted HTTP requests to the Security Framework component, with CVSS 10.0 reflecting a scope change that lets the compromise extend beyond WebCenter into adjacent Fusion Middleware products. No public exploit identified at time of analysis, but the combination of network attack vector, low complexity, no privileges, no user interaction, and Oracle's own 'easily exploitable' wording makes this a top-priority patching event. Vendor-released patch is available via the Oracle Critical Patch Update of June 2026 (CPUJUN2026).
Remote unauthenticated takeover of Oracle WebCenter Portal 12.2.1.4.0 and 14.1.2.0.0 is possible via the Security Framework component, allowing attackers to fully compromise the portal over HTTPS without credentials or user interaction. Oracle rates this 9.8 CVSS (AV:N/AC:L/PR:N/UI:N) and describes exploitation as 'easily exploitable', though there is no public exploit identified at time of analysis and it is not listed in CISA KEV.
Account takeover in Oracle WebCenter Portal 12.2.1.4.0 and 14.1.2.0.0 allows an authenticated low-privileged attacker to fully compromise the Portal over HTTPS and, due to a scope change, impact additional downstream products. Oracle rates the issue CVSS 9.9 and shipped fixes in the June 2026 Critical Patch Update; no public exploit identified at time of analysis, but the 'easily exploitable' wording and broad scope make this a high-priority Oracle CPU item.
Account/portal takeover in Oracle WebCenter Portal 12.2.1.4.0 and 14.1.2.0.0 allows a low-privileged remote attacker to compromise the product over HTTPS with low attack complexity, and because the scope changes the impact extends beyond WebCenter Portal itself to additional integrated Fusion Middleware components. The flaw, disclosed in Oracle's June 2026 Critical Patch Update, carries a CVSS 3.1 base score of 9.9 with full confidentiality, integrity, and availability impact. No public exploit identified at time of analysis, and the issue is not currently listed in CISA KEV.
Takeover of Oracle WebCenter Portal 12.2.1.4.0 and 14.1.2.0.0 is achievable by a low-privileged remote attacker over HTTP, with a scope-changed impact reaching adjacent Oracle Fusion Middleware products (CVSS 9.9). The flaw resides in the Security Framework component and was disclosed by Oracle in its June 2026 Critical Patch Update. No public exploit identified at time of analysis, but the low attack complexity and minimal privilege requirement make this a high-priority patching target.
Unauthenticated remote takeover of Oracle WebCenter Portal versions 12.2.1.4.0 and 14.1.2.0.0 is possible over HTTP via a flaw in the Security Framework component, with a scope change extending impact to additional Oracle Fusion Middleware products. The maximum CVSS 3.1 score of 10.0 reflects network-reachable exploitation with no authentication or user interaction and full confidentiality, integrity, and availability loss; no public exploit identified at time of analysis, but the trivial attack profile makes this a top-priority patch.
Account takeover in Oracle WebCenter Portal 12.2.1.4.0 and 14.1.2.0.0 allows a low-privileged attacker with HTTP network access to fully compromise the Security Framework component and pivot into adjacent products via a scope change. The flaw carries a CVSS 3.1 base score of 9.9 with high impact across confidentiality, integrity, and availability, and no public exploit identified at time of analysis. Oracle disclosed the issue in the June 2026 Critical Patch Update, but no CISA KEV listing or EPSS data was provided in the input.
Privilege escalation to full takeover in Oracle WebCenter Portal 12.2.1.4.0 and 14.1.2.0.0 allows a low-privileged authenticated attacker with HTTP network access to compromise the Composer component and, due to a CVSS scope change, impact additional downstream products. The flaw carries a CVSS 3.1 base score of 9.9 and is marked easily exploitable by Oracle, though no public exploit identified at time of analysis. EPSS data and CISA KEV status are not provided in the available intelligence.
Privilege escalation and full takeover of Oracle WebCenter Portal 12.2.1.4.0 and 14.1.2.0.0 is achievable by a low-privileged remote attacker through the Composer component, with a scope change that lets the impact reach additional products in the Fusion Middleware stack. Oracle rates the flaw 9.9 CVSS due to the combination of low attack complexity, low privilege requirement, and full CIA impact, and no public exploit has been identified at time of analysis.
Account takeover in Oracle WebCenter Portal 12.2.1.4.0 and 14.1.2.0.0 (Fusion Middleware, Runtime Tools component) allows a low-privileged attacker with HTTPS network access to fully compromise the portal and, due to a scope change, impact additional downstream products. Oracle rates this 9.9 critical and the issue is described as easily exploitable; no public exploit identified at time of analysis and it is not currently listed in CISA KEV. The combination of low privilege requirement, network vector, and scope change makes any authenticated WebCenter user a credible threat for full takeover.
Complete takeover of Oracle WebCenter Portal 12.2.1.4.0 and 14.1.2.0.0 is achievable by unauthenticated remote attackers via crafted HTTP requests to the Security Framework component, with CVSS 10.0 reflecting a scope change that lets the compromise extend beyond WebCenter into adjacent Fusion Middleware products. No public exploit identified at time of analysis, but the combination of network attack vector, low complexity, no privileges, no user interaction, and Oracle's own 'easily exploitable' wording makes this a top-priority patching event. Vendor-released patch is available via the Oracle Critical Patch Update of June 2026 (CPUJUN2026).
Remote unauthenticated takeover of Oracle WebCenter Portal 12.2.1.4.0 and 14.1.2.0.0 is possible via the Security Framework component, allowing attackers to fully compromise the portal over HTTPS without credentials or user interaction. Oracle rates this 9.8 CVSS (AV:N/AC:L/PR:N/UI:N) and describes exploitation as 'easily exploitable', though there is no public exploit identified at time of analysis and it is not listed in CISA KEV.
Account takeover in Oracle WebCenter Portal 12.2.1.4.0 and 14.1.2.0.0 allows an authenticated low-privileged attacker to fully compromise the Portal over HTTPS and, due to a scope change, impact additional downstream products. Oracle rates the issue CVSS 9.9 and shipped fixes in the June 2026 Critical Patch Update; no public exploit identified at time of analysis, but the 'easily exploitable' wording and broad scope make this a high-priority Oracle CPU item.
Account/portal takeover in Oracle WebCenter Portal 12.2.1.4.0 and 14.1.2.0.0 allows a low-privileged remote attacker to compromise the product over HTTPS with low attack complexity, and because the scope changes the impact extends beyond WebCenter Portal itself to additional integrated Fusion Middleware components. The flaw, disclosed in Oracle's June 2026 Critical Patch Update, carries a CVSS 3.1 base score of 9.9 with full confidentiality, integrity, and availability impact. No public exploit identified at time of analysis, and the issue is not currently listed in CISA KEV.
Takeover of Oracle WebCenter Portal 12.2.1.4.0 and 14.1.2.0.0 is achievable by a low-privileged remote attacker over HTTP, with a scope-changed impact reaching adjacent Oracle Fusion Middleware products (CVSS 9.9). The flaw resides in the Security Framework component and was disclosed by Oracle in its June 2026 Critical Patch Update. No public exploit identified at time of analysis, but the low attack complexity and minimal privilege requirement make this a high-priority patching target.
Unauthenticated remote takeover of Oracle WebCenter Portal versions 12.2.1.4.0 and 14.1.2.0.0 is possible over HTTP via a flaw in the Security Framework component, with a scope change extending impact to additional Oracle Fusion Middleware products. The maximum CVSS 3.1 score of 10.0 reflects network-reachable exploitation with no authentication or user interaction and full confidentiality, integrity, and availability loss; no public exploit identified at time of analysis, but the trivial attack profile makes this a top-priority patch.
Account takeover in Oracle WebCenter Portal 12.2.1.4.0 and 14.1.2.0.0 allows a low-privileged attacker with HTTP network access to fully compromise the Security Framework component and pivot into adjacent products via a scope change. The flaw carries a CVSS 3.1 base score of 9.9 with high impact across confidentiality, integrity, and availability, and no public exploit identified at time of analysis. Oracle disclosed the issue in the June 2026 Critical Patch Update, but no CISA KEV listing or EPSS data was provided in the input.
Privilege escalation to full takeover in Oracle WebCenter Portal 12.2.1.4.0 and 14.1.2.0.0 allows a low-privileged authenticated attacker with HTTP network access to compromise the Composer component and, due to a CVSS scope change, impact additional downstream products. The flaw carries a CVSS 3.1 base score of 9.9 and is marked easily exploitable by Oracle, though no public exploit identified at time of analysis. EPSS data and CISA KEV status are not provided in the available intelligence.
Privilege escalation and full takeover of Oracle WebCenter Portal 12.2.1.4.0 and 14.1.2.0.0 is achievable by a low-privileged remote attacker through the Composer component, with a scope change that lets the impact reach additional products in the Fusion Middleware stack. Oracle rates the flaw 9.9 CVSS due to the combination of low attack complexity, low privilege requirement, and full CIA impact, and no public exploit has been identified at time of analysis.