Vulnerability in the Oracle WebCenter Sites product of Oracle Fusion Middleware (component: WebCenter Sites). Supported versions that are affected are 12.2.1.4.0 and 14.1.2.0.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle WebCenter Sites. Successful attacks of this vulnerability can result in takeover of Oracle WebCenter Sites. CVSS 3.1 Base Score 8.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H).
Metrics
Affected Vendors & Products
| Vendors | Products |
|---|---|
| Oracle |
|
No data.
No data.
No data.
References
| Link | Providers |
|---|---|
| https://www.oracle.com/security-alerts/cspujun2026.html |
|
History
Tue, 16 Jun 2026 20:45:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Description | Vulnerability in the Oracle WebCenter Sites product of Oracle Fusion Middleware (component: WebCenter Sites). Supported versions that are affected are 12.2.1.4.0 and 14.1.2.0.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle WebCenter Sites. Successful attacks of this vulnerability can result in takeover of Oracle WebCenter Sites. CVSS 3.1 Base Score 8.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H). | |
| First Time appeared |
Oracle
Oracle webcenter Sites |
|
| CPEs | cpe:2.3:a:oracle:webcenter_sites:12.2.1.4.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:webcenter_sites:14.1.2.0.0:*:*:*:*:*:*:* |
|
| Vendors & Products |
Oracle
Oracle webcenter Sites |
|
| References |
| |
| Metrics |
cvssV3_1
|
MITRE
Status: PUBLISHED
Assigner: oracle
Published:
Updated: 2026-06-16T19:27:10.108Z
Reserved: 2026-04-01T20:03:40.837Z
Link: CVE-2026-35318
Vulnrichment
No data.
NVD
No data.
Redhat
No data.
OpenCVE Enrichment
No data.