Unauthorized Access Vulnerability in Oracle WebLogic Server by Oracle
CVE-2023-21956

6.1MEDIUM

Key Information:

Vendor: Oracle
Status: Weblogic Server
Vendor: CVE Published:; 18 April 2023

Summary

A weakness in Oracle WebLogic Server, part of the Oracle Fusion Middleware suite, enables an unauthenticated attacker with network access via HTTP to compromise the server. While the attack requires human interaction from a user other than the attacker, the consequences can extend beyond WebLogic Server itself, jeopardizing additional Oracle products. Successful exploitation of this vulnerability may allow unauthorized manipulation, including updates, inserts, or deletions of accessible data, as well as unauthorized reading of sensitive datasets.

Affected Version(s)

WebLogic Server 12.2.1.4.0

WebLogic Server 14.1.1.0.0

References

https://www.oracle.com/security-alerts/cpuapr2023.html

vendor-advisory

CVSS V3.1

Score:

6.1

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Apr 18, 2023
Vulnerability Reserved
Dec 17, 2022