Remote Code Execution Vulnerability in Oracle WebLogic Server
CVE-2024-21183

7.5HIGH

Key Information:

Vendor: Oracle
Status: Weblogic Server
Vendor: CVE Published:; 16 July 2024

Summary

A newly identified remote code execution vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware poses a significant risk to data integrity. Found in versions 12.2.1.4.0 and 14.1.1.0.0, this easily exploitable flaw allows unauthenticated attackers with network access to compromise the server via T3 and IIOP protocols. Successful exploitation can lead to unauthorized access to sensitive data, potentially exposing critical systems to further attacks. Organizations using the affected versions are urged to implement security patches and adhere to best practices to mitigate these risks. For detailed information, refer to the official Oracle advisory.

Affected Version(s)

WebLogic Server 12.2.1.4.0

WebLogic Server 14.1.1.0.0

References

https://www.oracle.com/security-alerts/cpujul2024.html

vendor-advisory

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jul 16, 2024