CVE-2023-21839
In short
Oracle WebLogic Server allows unauthenticated attackers to access sensitive data remotely through network protocols (T3, IIOP) without needing valid credentials. This is a critical vulnerability because it exposes confidential information to anyone with network access to the server.
Technical detail
An unauthenticated remote attacker can exploit missing or insufficient authentication checks in WebLogic Server's T3 and IIOP protocol handlers to gain unauthorized read access to critical data. The attack requires only network connectivity and is of low complexity; the CVSS 3.1 base score of 7.5 reflects a high confidentiality impact with no authentication required (CWE-306: Missing Authentication for Critical Function).
Summary generated and translated by AI from the official description.
Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core). Supported versions that are affected are 12.2.1.3.0, 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via T3, IIOP to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle WebLogic Server accessible data. CVSS 3.1 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N).
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Affected products
Oracle Corporation · WebLogic Server
Public PoCs found: 9
- github.com/DXask88MA/Weblogic-CVE-2023-21839 (★ 239)
- github.com/ASkyeye/CVE-2023-21839 (★ 115)
- github.com/dinosn/CVE-2024-20931 (★ 61)
- github.com/Firebasky/CVE-2023-21839 (★ 26)
- github.com/houqe/POC_CVE-2023-21839 (★ 18)
- github.com/dinosn/CVE-2024-21182 (★ 3)
- github.com/Romanc9/Gui-poc-test (★ 2)
- github.com/kw3h4/CVE-2023-21839-metasploit-scanner (★ 0)
- CVE reference (unverified): packetstormsecurity.com/files/172882/Oracle-Weblogic-PreAuth-Remote-Command-Execution.html
Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.