Unauthorized Access Vulnerability in Oracle WebLogic Server by Oracle
CVE-2023-21956
6.1 MEDIUM
Summary
A weakness in Oracle WebLogic Server, part of the Oracle Fusion Middleware suite, enables an unauthenticated attacker with network access via HTTP to compromise the server. While the attack requires human interaction from a user other than the attacker, the consequences can extend beyond WebLogic Server itself, jeopardizing additional Oracle products. Successful exploitation of this vulnerability may allow unauthorized manipulation, including updates, inserts, or deletions of accessible data, as well as unauthorized reading of sensitive datasets.
Affected Version(s)
WebLogic Server 12.2.1.4.0
WebLogic Server 14.1.1.0.0
CVSS V3.1
Score: 6.1
Severity: MEDIUM
Confidentiality: Low
Integrity: Low
Availability: Low
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Changed
Timeline
Vulnerability published
Vulnerability Reserved