PT-2026-49914 · Oracle · Oracle Webcenter Enterprise Capture

Published

2026-06-16

Updated

2026-06-17

CVE-2026-46781

CVSS v3.1

Critical

Vector

AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Oracle WebCenter Enterprise Capture versions 12.2.1.4.0 Oracle WebCenter Enterprise Capture versions 14.1.2.0.0

Description An issue in the Client Bundle component of Oracle WebCenter Enterprise Capture allows an unauthenticated attacker with network access via Remote Method Invocation (RMI) to compromise the system. RMI is a Java API that allows an object to invoke methods on an object running in another Java Virtual Machine. Successful exploitation can lead to a full takeover of the software and may significantly impact additional products due to a scope change.

Recommendations Update version 12.2.1.4.0 to the version provided in the June 2026 Critical Patch Update. Update version 14.1.2.0.0 to the version provided in the June 2026 Critical Patch Update.

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

CVE-2026-46781

Affected Products

Oracle Webcenter Enterprise Capture

PT-2026-49914 · Oracle · Oracle Webcenter Enterprise Capture

CVE-2026-46781

Related Identifiers

Affected Products

References · 2