This vulnerability affects Oracle WebCenter Content version 14.1.2.0.0 and allows an unauthenticated attacker with network access via HTTP to compromise the system. Exploitation requires user interaction from a third party and can result in unauthorized creation, deletion, or modification of critical data, with a scope change potentially impacting other Oracle products. The CVSS 3.1 vector (AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N) reflects network attack vector, low attack complexity, no privileges required, user interaction required, scope change, and high confidentiality and integrity impacts without availability impact. Oracle's June 2026 Critical Security Patch Update advisory references this vulnerability among many others but does not explicitly state a patch for version 14.1.2.0.0 of Oracle WebCenter Content. Oracle urges customers to apply patches promptly and consider network-level mitigations to reduce exposure.

Successful exploitation can lead to unauthorized creation, deletion, or modification of critical data within Oracle WebCenter Content, compromising confidentiality and integrity of data. The vulnerability also has a scope change, meaning it may affect additional Oracle products beyond WebCenter Content. There is no direct impact on availability. The CVSS score of 9.3 indicates a critical severity with significant potential impact on data security.

Oracle strongly recommends applying the June 2026 Critical Security Patch Update as soon as possible to address this and other vulnerabilities. Until patches are applied, risk can be reduced by blocking network protocols required for exploitation and by removing unnecessary privileges or access to vulnerable components from users who do not need them. Oracle's advisory does not explicitly confirm a patch for Oracle WebCenter Content 14.1.2.0.0 for this vulnerability, so customers should monitor the vendor advisory for updates and apply patches promptly when available.