CVE-2023-21996 HIGH

CVE-2023-21996

Vendor Oracle Corporation

Product WebLogic Server

Published April 18, 2023

Last update September 13, 2024

View on NVD All CVEs

CVSS base score

7.5/10

Attack vector Network

Attack complexity Low

Privileges required None

User interaction None

Confidentiality None

Integrity None

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

What the vulnerability does

01Description

Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Web Services). Supported versions that are affected are 12.2.1.3.0, 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle WebLogic Server. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).

Key dates

02Disclosure timeline

April 18, 2023 CVE published

September 13, 2024 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2023-21996

Identifiers

CVE CVE-2023-21996

CVSS 7.5 / HIGH

Affected versions

Vendor Oracle Corporation

Product WebLogic Server

Affected 12.2.1.3.0

Vendor Oracle Corporation

Product WebLogic Server

Affected 12.2.1.4.0

Vendor Oracle Corporation

Product WebLogic Server

Affected 14.1.1.0.0