PT-2026-49911 · Oracle · Oracle Webcenter Enterprise Capture

Published

2026-06-16

Updated

2026-06-17

CVE-2026-46778

CVSS v3.1

Critical

Vector

AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Oracle WebCenter Enterprise Capture versions 12.2.1.4.0 Oracle WebCenter Enterprise Capture versions 14.1.2.0.0

Description An issue in the Client Bundle component of Oracle WebCenter Enterprise Capture allows an unauthenticated attacker with network access via RMI (Remote Method Invocation, a Java API that allows an object to invoke methods on an object running in another JVM) to compromise the system. Successful exploitation can result in a full takeover of Oracle WebCenter Enterprise Capture and may significantly impact additional products due to a scope change.

Recommendations Apply the June 2026 CPU for version 12.2.1.4.0. Apply the June 2026 CPU for version 14.1.2.0.0.

Fix

Missing Authentication

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-306

Related Identifiers

CVE-2026-46778

Affected Products

Oracle Webcenter Enterprise Capture

PT-2026-49911 · Oracle · Oracle Webcenter Enterprise Capture

CVE-2026-46778

Weakness Enumeration

Related Identifiers

Affected Products

References · 2