Vulnerability in the Oracle WebCenter Portal product of Oracle Fusion Middleware (component: Security Framework). Supported versions that are affected are 12.2.1.4.0 and 14.1.2.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle WebCenter Portal. Successful attacks of this vulnerability can result in takeover of Oracle WebCenter Portal. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).
Metrics
Affected Vendors & Products
| Vendors | Products |
|---|---|
| Oracle |
|
No data.
No data.
No data.
References
| Link | Providers |
|---|---|
| https://www.oracle.com/security-alerts/cspujun2026.html |
|
History
Tue, 16 Jun 2026 20:45:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Description | Vulnerability in the Oracle WebCenter Portal product of Oracle Fusion Middleware (component: Security Framework). Supported versions that are affected are 12.2.1.4.0 and 14.1.2.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle WebCenter Portal. Successful attacks of this vulnerability can result in takeover of Oracle WebCenter Portal. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). | |
| First Time appeared |
Oracle
Oracle webcenter Portal |
|
| CPEs | cpe:2.3:a:oracle:webcenter_portal:12.2.1.4.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:webcenter_portal:14.1.2.0.0:*:*:*:*:*:*:* |
|
| Vendors & Products |
Oracle
Oracle webcenter Portal |
|
| References |
| |
| Metrics |
cvssV3_1
|
MITRE
Status: PUBLISHED
Assigner: oracle
Published:
Updated: 2026-06-16T19:27:30.298Z
Reserved: 2026-05-18T15:55:10.306Z
Link: CVE-2026-46845
Vulnrichment
No data.
NVD
No data.
Redhat
No data.
OpenCVE Enrichment
No data.