Oracle WebLogic Server Vulnerability
CVE-2024-21181

9.8CRITICAL

Key Information:

Vendor
Oracle
Status
Weblogic Server
Vendor
CVE Published:
16 July 2024

Badges

πŸ“° News Worthy

Summary

A security vulnerability exists in the Core component of Oracle WebLogic Server, a part of Oracle Fusion Middleware. This specific flaw allows unauthenticated attackers with network access via T3 or IIOP protocols to potentially compromise the server completely. This could lead to an attacker gaining full control over the Oracle WebLogic Server, causing serious breaches in confidentiality, integrity, and availability. Versions 12.2.1.4.0 and 14.1.1.0.0 are known to be affected, emphasizing the urgent need for users to apply relevant security patches.

Affected Version(s)

WebLogic Server 12.2.1.4.0

WebLogic Server 14.1.1.0.0

News Articles

favicon imageCyber Security News

Oracle WebLogic Server Vulnerability Allows Complete Server Take Over

This vulnerability, disclosed on July 17, 2024, allows unauthenticated attackers with network access via T3 and IIOP protocols to gain complete control over the server.

6 months ago

References

https://www.oracle.com/security-alerts/cpujul2024.html
vendor-advisory

CVSS V3.1

Score:
9.8
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • πŸ“°

    First article discovered by Cyber Security News

  • Vulnerability published

Collectors

NVD DatabaseMitre Database1 News Article(s)
.