Unauthenticated Access Vulnerability in Oracle WebLogic Server by Oracle
CVE-2023-22101

8.1 HIGH

Key Information:

Vendor: Oracle
CVE Published: 17 October 2023

Summary

A vulnerability in Oracle WebLogic Server could allow an unauthenticated attacker with network access via the T3 and IIOP protocols to compromise the server. It affects specific versions of WebLogic Server, and successful exploitation could result in takeover of the server. For organizations that run Oracle Fusion Middleware, addressing this vulnerability is important to protecting sensitive data.

Affected Version(s)

WebLogic Server 12.2.1.4.0

WebLogic Server 14.1.1.0.0

CVSS V3.1

Score: 8.1
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: High
Privileges Required: None
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Collectors

NVD Database, Mitre Database