Oracle WebLogic Server Vulnerability Allows Unauthorized Access to Critical Data
Key Information
- Vendor
- Oracle
- Vendor
- CVE Published:
- 16 April 2024
Badges
Summary
CVE-2024-21006 is a vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware, affecting supported versions 12.2.1.4.0 and 14.1.1.0.0. It allows unauthenticated attackers to compromise the server and gain unauthorized access to critical data. The vulnerability is easily exploitable and has a CVSS 3.1 Base Score of 7.5, indicating its significant impact. There are no known exploitations in the wild by ransomware groups at this time. However, affected users should take measures to address this vulnerability as soon as possible to prevent potential unauthorized data access.
Exploit Proof of Concept (PoC)
PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.
News Articles
SANS Internet Storm Center CVE-2024-21006SANS ISC Stormcast: Daily Network Security News Summary; Cyber Security Podcast
Daily Cyber Security News Podcast, Author: Dr. Johannes B. Ullrich
6 months ago
Spreaker CVE-2024-21006ISC StormCast for Wednesday, May 8th, 2024
Detecting XFinity/Comcast DNS Spoofing https://isc.sans.edu/diary/Detecting%20XFinity%20Comcast%20DNS%20Spoofing/30898 Weblogic PoC CVE-2024-21006 https://pwnull.github.io/2024/oracle%20weblogic%20CVE-2024-21006%20Double-JNDInjection%20RCE%20analyze/ https://github.com/momika233/CVE-2024-21006 PDF...
7 months ago
CVE-2024-21006 Archives - NSFOCUS, Inc., a global network and cyber security leader, protects enterprises and carriers from advanced cyber attacks.
WebLogic T3/IIOP Information Disclosure Vulnerability (CVE-2024-21006/CVE-2024-21007) April 18, 2024 Overview Recently, NSFOCUS CERT detected that Oracle has released a security announcement and fixed...
7 months ago
CVSS V3.1
Timeline
- 👾
Exploit exists.
First article discovered by NSFocus
Vulnerability published.