CVE-2023-21979 HIGH

CVE-2023-21979

Vendor Oracle Corporation

Product WebLogic Server

Published April 18, 2023

Last update September 16, 2024

View on NVD All CVEs

CVSS base score

7.5/10

Attack vector Network

Attack complexity Low

Privileges required None

User interaction None

Confidentiality High

Integrity None

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

What the vulnerability does

01Description

Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core). Supported versions that are affected are 12.2.1.3.0, 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via T3 to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle WebLogic Server accessible data. CVSS 3.1 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N).

Key dates

02Disclosure timeline

April 18, 2023 CVE published

September 16, 2024 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2023-21979

Identifiers

CVE CVE-2023-21979

CVSS 7.5 / HIGH

Affected versions

Vendor Oracle Corporation

Product WebLogic Server

Affected 12.2.1.3.0

Vendor Oracle Corporation

Product WebLogic Server

Affected 12.2.1.4.0

Vendor Oracle Corporation

Product WebLogic Server

Affected 14.1.1.0.0