← Zuruck zu CVEs

CVE-2023-21839

HIGHCISA KEV

7.5

Beschreibung

Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core). Supported versions that are affected are 12.2.1.3.0, 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via T3, IIOP to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle WebLogic Server accessible data. CVSS 3.1 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N).

CVE Details

CVSS v3.1 Bewertung7.5

SchweregradHIGH

CVSS VektorCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

AngriffsvektorNETWORK

KomplexitatLOW

Erforderliche PrivilegienNONE

BenutzerinteraktionNONE

Veroffentlicht1/18/2023

Zuletzt geandert10/27/2025

Quellekev

Honeypot-Sichtungen0

CISA KEV

HerstellerOracle

ProduktWebLogic Server

SchwachstellennameOracle WebLogic Server Unspecified Vulnerability

KEV Aufnahmedatum2023-05-01

Behebungsfrist2023-05-22

Ransomware-NutzungUnknown

Betroffene Produkte

oracle:weblogic_server

Schwachen (CWE)

CWE-502CWE-306

Referenzen

http://packetstormsecurity.com/files/172882/Oracle-Weblogic-PreAuth-Remote-Command-Execution.html(secalert_us@oracle.com)

https://www.oracle.com/security-alerts/cpujan2023.html(secalert_us@oracle.com)

http://packetstormsecurity.com/files/172882/Oracle-Weblogic-PreAuth-Remote-Command-Execution.html(af854a3a-2127-422b-91ae-364da2661108)

https://www.oracle.com/security-alerts/cpujan2023.html(af854a3a-2127-422b-91ae-364da2661108)

https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2023-21839(134c704f-9b21-4f2e-91b3-4a467353bcc0)

IOC Korrelationen

Keine Korrelationen erfasst

This product uses data from the NVD API but is not endorsed or certified by the NVD.