Remote Command Execution Vulnerability in Oracle WebLogic Server
CVE-2023-21931

7.5HIGH

Key Information:

Vendor: Oracle
Status: Weblogic Server
Vendor: CVE Published:; 18 April 2023

Badges

👾 Exploit Exists🟣 EPSS 77%

What is CVE-2023-21931?

A vulnerability exists within Oracle WebLogic Server that allows an unauthenticated attacker with network access via T3 to exploit the system. This weakness can enable unauthorized access to sensitive data or, in some cases, give an attacker complete control over all data accessible within the Oracle WebLogic Server environment. The supported versions affected by this issue are 12.2.1.3.0, 12.2.1.4.0, and 14.1.1.0.0. It is crucial for organizations operating these versions to apply the appropriate patches to mitigate potential risks.

Affected Version(s)

WebLogic Server 12.2.1.3.0

WebLogic Server 12.2.1.4.0

WebLogic Server 14.1.1.0.0

References

https://www.oracle.com/security-alerts/cpuapr2023.html

vendor-advisory

http://packetstormsecurity.com/files/172882/Oracle-Weblog...

EPSS Score

77% chance of being exploited in the next 30 days.

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

🟡
Public PoC available
Oct 21, 2023
👾
Exploit known to exist
Oct 21, 2023
Vulnerability published
Apr 18, 2023
Vulnerability Reserved
Dec 17, 2022