CVE-2023-21839

7.5HIGH

Key Information

Vendor
Oracle
Status
WebLogic Server
Vendor
CVE Published:
18 January 2023

Badges

👾 Exploit Exists🔴 Public PoC📰 News Worthy

Summary

Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core). Supported versions that are affected are 12.2.1.3.0, 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via T3, IIOP to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle WebLogic Server accessible data. CVSS 3.1 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N).

CISA Reported

CISA provides regional cyber and physical services to support security and resilience across the United States. CISA monitor the most dangerious vulnerabilities and have identifed CVE-2023-21839 as being exploited but is not known by the CISA to be used in ransomware campaigns. This is subject to change at pace

The CISA's recommendation is: Apply updates per vendor instructions.

Affected Version(s)

WebLogic Server = 12.2.1.3.0

WebLogic Server = 12.2.1.4.0

WebLogic Server = 14.1.1.0.0

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

Weblogic-CVE-2023-21839
Created by DXask88MA

CVE-2024-20931
Created by dinosn

CVE-2023-21839
Created by ASkyeye

News Articles

favicon imageThe Hacker News

Alert: Active Exploitation of TP-Link, Apache, and Oracle Vulnerabilities Detected

Heads up, everyone! CISA has issued an advisory warning of active exploitation of three known vulnerabilities.

2 years ago

favicon imageThe Register

CISA warns of Mirai botnet exploiting TP-Link routers

The US government's Cybersecurity and Infrastructure Security Agency (CISA) is adding three more flaws to its list of known-exploited vulnerabilities, including one involving TP-Link routers that is being...

2 years ago

favicon imageSecurityWeek

CISA Warns of Attacks Exploiting Oracle WebLogic Vulnerability Patched in January

CISA warns of attacks exploiting an Oracle WebLogic vulnerability tracked as CVE-2023-21839, which was patched with the January 2023 CPU.

2 years ago

Refferences

https://www.oracle.com/security-alerts/cpujan2023.html
vendor-advisory
http://packetstormsecurity.com/files/172882/Oracle-Weblog...

EPSS Score

3% chance of being exploited in the next 30 days.

CVSS V3.1

Score:
7.5
Severity:
HIGH
Confidentiality:
High
Integrity:
None
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • 🔴

    Public PoC available

  • First article discovered by SecurityWeek

  • 👾

    Exploit known to exist

  • CISA Reported

  • Vulnerability published

  • Vulnerability Reserved

Collectors

NVD DatabaseMitre DatabaseCISA Database7 Proof of Concept(s)3 News Article(s)
.