Unauthenticated Network Access Vulnerability in Oracle WebLogic Server
CVE-2024-21007

7.5HIGH

Key Information:

Vendor: Oracle
Status: Weblogic Server
Vendor: CVE Published:; 16 April 2024

Summary

A vulnerability has been identified in Oracle WebLogic Server, part of the Oracle Fusion Middleware suite, affecting version 12.2.1.4.0 and 14.1.1.0.0. This vulnerability can be exploited by unauthenticated attackers with network access through T3 or IIOP protocols, potentially allowing them to gain unauthorized access to critical data stored on WebLogic Server. If successfully exploited, this vulnerability could lead to a complete compromise of the accessible data within the affected Oracle WebLogic Server instances, posing significant risks to organizations relying on these systems. Businesses using the impacted versions are highly encouraged to apply security patches and take necessary measures to safeguard their data and infrastructure.

Affected Version(s)

WebLogic Server 12.2.1.4.0

WebLogic Server 14.1.1.0.0

References

https://www.oracle.com/security-alerts/cpuapr2024.html

vendor-advisory

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Apr 16, 2024

Collectors

NVD DatabaseMitre Database