Unauthenticated Vulnerability in Oracle WebLogic Server by Oracle
CVE-2023-21839

7.5HIGH

Key Information:

Vendor
Oracle
Status
WebLogic Server
Vendor
CVE Published:
18 January 2023

Badges

๐Ÿ‘พ Exploit Exists๐ŸŸก Public PoC๐Ÿฆ… CISA Reported๐Ÿ“ฐ News Worthy

Summary

A critical vulnerability found in Oracle WebLogic Server allows unauthenticated attackers with network access through T3 and IIOP to exploit the system. Successful exploitation gives attackers unauthorized access to sensitive data, potentially leading to complete control over all data accessible via the Oracle WebLogic Server. This highlights a significant risk to organizations using vulnerable versions of the product.

CISA Reported

CISA provides regional cyber and physical services to support security and resilience across the United States. CISA monitor the most dangerious vulnerabilities and have identifed as being exploited but is not known by the CISA to be used in ransomware campaigns. This is subject to change at pace

The CISA's recommendation is: Apply updates per vendor instructions.

Affected Version(s)

WebLogic Server 12.2.1.3.0

WebLogic Server 12.2.1.4.0

WebLogic Server 14.1.1.0.0

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

Weblogic-CVE-2023-21839
Created by DXask88MA

CVE-2024-20931
Created by dinosn

CVE-2023-21839
Created by ASkyeye

News Articles

favicon imageThe Hacker News

Alert: Active Exploitation of TP-Link, Apache, and Oracle Vulnerabilities Detected

Heads up, everyone! CISA has issued an advisory warning of active exploitation of three known vulnerabilities.

2 years ago

favicon imageThe Register

CISA warns of Mirai botnet exploiting TP-Link routers

The US government's Cybersecurity and Infrastructure Security Agency (CISA) is adding three more flaws to its list of known-exploited vulnerabilities, including one involving TP-Link routers that is being...

2 years ago

favicon imageSecurityWeek

CISA Warns of Attacks Exploiting Oracle WebLogic Vulnerability Patched in January

CISA warns of attacks exploiting an Oracle WebLogic vulnerability tracked as CVE-2023-21839, which was patched with the January 2023 CPU.

2 years ago

References

https://www.oracle.com/security-alerts/cpujan2023.html
vendor-advisory
http://packetstormsecurity.com/files/172882/Oracle-Weblog...

CVSS V3.1

Score:
7.5
Severity:
HIGH
Confidentiality:
High
Integrity:
None
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • ๐ŸŸก

    Public PoC available

  • ๐Ÿ“ฐ

    First article discovered by SecurityWeek

  • ๐Ÿ‘พ

    Exploit known to exist

  • ๐Ÿฆ…

    CISA Reported

  • Vulnerability published

  • Vulnerability Reserved

.