CVE-2022-21371
In short
A security flaw in Oracle WebLogic Server allows anyone on the network to access sensitive data without logging in. An attacker can view confidential information by sending specially crafted requests over HTTP.
Technical detail
Unauthenticated remote data-access vulnerability in the Oracle WebLogic Server Web Container (versions 12.1.3.0.0, 12.2.1.3.0, 12.2.1.4.0 and 14.1.1.0.0), exploitable over HTTP without authentication. Exploitation results in a high-impact confidentiality breach: an attacker can read critical data that is accessible to the WebLogic instance, with no impact on integrity or availability.
Summary generated and translated by AI from the official description.
Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Web Container). Supported versions that are affected are 12.1.3.0.0, 12.2.1.3.0, 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle WebLogic Server accessible data. CVSS 3.1 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N).
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Affected products
Oracle Corporation · WebLogic Server
Public PoCs found — 5
- GitHub: github.com/Mr-xn/CVE-2022-21371 (★ 27)
- GitHub: github.com/Vulnmachines/Oracle-WebLogic-CVE-2022-21371 (★ 18)
- GitHub: github.com/Cappricio-Securities/CVE-2022-21371 (★ 1)
- CVE reference: packetstormsecurity.com/files/165736/Oracle-WebLogic-Server-14.1.1.0.0-Local-File-Inclusion.html (unverified)
- Exploit-DB: www.exploit-db.com/exploits/50688 (unverified)
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.