Security Vulnerability in Oracle WebLogic Server Could Lead to Unauthorized Access
CVE-2024-21234

7.5HIGH

Key Information:

Vendor: Oracle
Status: Oracle Weblogic Server
Vendor: CVE Published:; 15 October 2024

What is CVE-2024-21234?

A vulnerability exists in Oracle WebLogic Server, specifically in the Core component of Oracle Fusion Middleware, affecting versions 12.2.1.4.0 and 14.1.1.0.0. This vulnerability is easily exploitable by an unauthenticated attacker with network access through T3 and IIOP protocols. If successfully exploited, it may allow unauthorized access to critical data, potentially leading to a full compromise of all data accessible through the affected Oracle WebLogic Server instance.

Affected Version(s)

Oracle WebLogic Server 12.2.1.4.0

Oracle WebLogic Server 14.1.1.0.0

References

https://www.oracle.com/security-alerts/cpuoct2024.html

vendor-advisory

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Oct 15, 2024
Vulnerability Reserved
Dec 7, 2023