Description
Oracle WebLogic Server is an application services middleware for cloud and traditional environments from Oracle Corporation (USA) that provides a modern lightweight development platform that supports full lifecycle management of applications from development to production and simplifies application deployment and management.Oracle WebLogic Server is vulnerable to A security vulnerability exists that could be exploited by an unauthenticated attacker to compromise Oracle WebLogic Server via HTTP network access.
Affected Software
Related
{"id": "CNVD-2021-59240", "vendorId": null, "type": "cnvd", "bulletinFamily": "cnvd", "title": "Oracle WebLogic Server has an unspecified vulnerability (CNVD-2021-59240)", "description": "Oracle WebLogic Server is an application services middleware for cloud and traditional environments from Oracle Corporation (USA) that provides a modern lightweight development platform that supports full lifecycle management of applications from development to production and simplifies application deployment and management.Oracle WebLogic Server is vulnerable to A security vulnerability exists that could be exploited by an unauthenticated attacker to compromise Oracle WebLogic Server via HTTP network access.", "published": "2021-07-23T00:00:00", "modified": "2021-09-01T00:00:00", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}, "cvss2": {"cvssV2": {"version": "2.0", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "accessVector": "NETWORK", "accessComplexity": "LOW", "authentication": "NONE", "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0}, "severity": "MEDIUM", "exploitabilityScore": 10.0, "impactScore": 2.9, "acInsufInfo": false, "obtainAllPrivilege": false, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}, "cvss3": {"cvssV3": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM"}, "exploitabilityScore": 3.9, "impactScore": 1.4}, "href": "https://www.cnvd.org.cn/flaw/show/CNVD-2021-59240", "reporter": "China National Vulnerability Database", "references": [], "cvelist": ["CVE-2021-2403"], "immutableFields": [], "lastseen": "2022-11-05T10:49:20", "viewCount": 0, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2021-2403"]}, {"type": "nessus", "idList": ["ORACLE_WEBLOGIC_SERVER_CPU_JUL_2021.NASL"]}, {"type": "oracle", "idList": ["ORACLE:CPUJUL2021"]}, {"type": "thn", "idList": ["THN:2B49FD6B1FE640C017C0531F850B4C11"]}]}, "score": {"value": 1.3, "vector": "NONE"}, "affected_software": {"major_version": [{"name": "oracle oracle weblogic server 10.3.", "version": 6}, {"name": "oracle oracle weblogic server 12.1.", "version": 3}, {"name": "oracle oracle weblogic server 12.2.", "version": 1}, {"name": "oracle oracle weblogic server 12.2.", "version": 1}, {"name": "oracle oracle weblogic server 14.1.", "version": 1}]}, "epss": [{"cve": "CVE-2021-2403", "epss": "0.001400000", "percentile": "0.479430000", "modified": "2023-03-20"}], "vulnersScore": 1.3}, "_state": {"dependencies": 1667645535, "score": 1667645541, "affected_software_major_version": 1671611801, "epss": 1679345642}, "_internal": {"score_hash": "1425ddb719ec572133a2734e941a8611"}, "vendorCVSS": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "affectedSoftware": [{"version": "6.0.0", "operator": "eq", "name": "oracle oracle weblogic server 10.3."}, {"version": "3.0.0", "operator": "eq", "name": "oracle oracle weblogic server 12.1."}, {"version": "1.3.0", "operator": "eq", "name": "oracle oracle weblogic server 12.2."}, {"version": "1.4.0", "operator": "eq", "name": "oracle oracle weblogic server 12.2."}, {"version": "1.0.0", "operator": "eq", "name": "oracle oracle weblogic server 14.1."}]}
{"cve": [{"lastseen": "2023-02-09T14:10:34", "description": "Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core). Supported versions that are affected are 10.3.6.0.0, 12.1.3.0.0, 12.2.1.3.0, 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle WebLogic Server accessible data. CVSS 3.1 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N).", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 5.3, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 1.4}, "published": "2021-07-21T15:15:00", "type": "cve", "title": "CVE-2021-2403", "cwe": ["NVD-CWE-noinfo"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-2403"], "modified": "2021-07-23T14:42:00", "cpe": ["cpe:/a:oracle:weblogic_server:12.1.3.0.0", "cpe:/a:oracle:weblogic_server:12.2.1.3.0", "cpe:/a:oracle:weblogic_server:12.2.1.4.0", "cpe:/a:oracle:weblogic_server:10.3.6.0.0", "cpe:/a:oracle:weblogic_server:14.1.1.0.0"], "id": "CVE-2021-2403", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-2403", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}, "cpe23": ["cpe:2.3:a:oracle:weblogic_server:10.3.6.0.0:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:weblogic_server:12.2.1.4.0:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:weblogic_server:12.1.3.0.0:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:weblogic_server:12.2.1.3.0:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:weblogic_server:14.1.1.0.0:*:*:*:*:*:*:*"]}], "nessus": [{"lastseen": "2023-01-11T14:51:42", "description": "The 10.3.6.0.0, 12.1.3.0.0, 12.2.1.3.0, 12.2.1.4.0, and 14.1.1.0.0 versions of WebLogic Server installed on the remote host are affected by multiple vulnerabilities as referenced in the July 2021 CPU advisory.\n\n - Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core).\n Supported versions that are affected are 10.3.6.0.0, 12.1.3.0.0, 12.2.1.3.0, 12.2.1.4.0 and 14.1.1.0.0.\n Easily exploitable vulnerability allows unauthenticated attacker with network access via T3, IIOP to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in takeover of Oracle WebLogic Server. (CVE-2021-2394, CVE-2021-2397)\n\n - Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Security).\n Supported versions that are affected are 10.3.6.0.0, 12.1.3.0.0, 12.2.1.3.0, 12.2.1.4.0 and 14.1.1.0.0.\n Easily exploitable vulnerability allows unauthenticated attacker with network access via T3, IIOP to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in takeover of Oracle WebLogic Server. (CVE-2021-2382)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-07-23T00:00:00", "type": "nessus", "title": "Oracle WebLogic Server Multiple Vulnerabilities (July 2021 CPU)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-0254", "CVE-2021-2376", "CVE-2021-2378", "CVE-2021-2382", "CVE-2021-2394", "CVE-2021-2397", "CVE-2021-2403"], "modified": "2022-04-11T00:00:00", "cpe": ["cpe:/a:oracle:fusion_middleware", "cpe:/a:oracle:weblogic_server"], "id": "ORACLE_WEBLOGIC_SERVER_CPU_JUL_2021.NASL", "href": "https://www.tenable.com/plugins/nessus/152035", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(152035);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/04/11\");\n\n script_cve_id(\n \"CVE-2015-0254\",\n \"CVE-2021-2376\",\n \"CVE-2021-2378\",\n \"CVE-2021-2382\",\n \"CVE-2021-2394\",\n \"CVE-2021-2397\",\n \"CVE-2021-2403\"\n );\n script_xref(name:\"IAVA\", value:\"2021-A-0326\");\n\n script_name(english:\"Oracle WebLogic Server Multiple Vulnerabilities (July 2021 CPU)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote host is affected by multiple vulnerabilities\");\n script_set_attribute(attribute:\"description\", value:\n\"The 10.3.6.0.0, 12.1.3.0.0, 12.2.1.3.0, 12.2.1.4.0, and 14.1.1.0.0 versions of WebLogic Server installed on the remote\nhost are affected by multiple vulnerabilities as referenced in the July 2021 CPU advisory.\n\n - Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core).\n Supported versions that are affected are 10.3.6.0.0, 12.1.3.0.0, 12.2.1.3.0, 12.2.1.4.0 and 14.1.1.0.0.\n Easily exploitable vulnerability allows unauthenticated attacker with network access via T3, IIOP to\n compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in takeover of\n Oracle WebLogic Server. (CVE-2021-2394, CVE-2021-2397)\n\n - Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Security).\n Supported versions that are affected are 10.3.6.0.0, 12.1.3.0.0, 12.2.1.3.0, 12.2.1.4.0 and 14.1.1.0.0.\n Easily exploitable vulnerability allows unauthenticated attacker with network access via T3, IIOP to\n compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in takeover of\n Oracle WebLogic Server. (CVE-2021-2382)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.oracle.com/a/tech/docs/cpujul2021cvrf.xml\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.oracle.com/security-alerts/cpujul2021.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Apply the appropriate patch according to the July 2021 Oracle Critical Patch Update advisory.\");\n script_set_attribute(attribute:\"agent\", value:\"all\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-2394\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/07/20\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/07/20\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/07/23\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:oracle:fusion_middleware\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:oracle:weblogic_server\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_set_attribute(attribute:\"thorough_tests\", value:\"true\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Misc.\");\n\n script_copyright(english:\"This script is Copyright (C) 2021-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"oracle_weblogic_server_installed.nbin\", \"os_fingerprint.nasl\");\n script_require_keys(\"installed_sw/Oracle WebLogic Server\");\n\n exit(0);\n}\n\ninclude('vcf_extras_oracle.inc');\n\nvar app_info = vcf::oracle_weblogic::get_app_info();\n\nvar constraints = [\n {'min_version' : '14.1.1.0', 'fixed_version' : '14.1.1.0.210701', 'fixed_display' : '33125254 or 33069656'},\n {'min_version' : '12.2.1.4', 'fixed_version' : '12.2.1.4.210629', 'fixed_display' : '33125241 or 33059296'},\n {'min_version' : '12.2.1.3', 'fixed_version' : '12.2.1.3.210630', 'fixed_display' : '33125226 or 33064699'},\n {'min_version' : '12.1.3.0', 'fixed_version' : '12.1.3.0.210720', 'fixed_display' : '32832660'},\n {'min_version' : '10.3.6', 'fixed_version' : '10.3.6.0.210720', 'fixed_display' : '3NVW'}\n];\n\nvcf::oracle_weblogic::check_version_and_report(app_info:app_info, severity:SECURITY_HOLE, constraints:constraints);\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "thn": [{"lastseen": "2022-05-09T12:39:19", "description": "[](<https://thehackernews.com/images/-v-brtP5r-dY/YPkqNVQDhTI/AAAAAAAADTE/TWk9-PibzWQlDWVME5ZBc1frl1MN2GJHACLcBGAsYHQ/s0/oracle.gif>)\n\nOracle on Tuesday released its quarterly [Critical Patch Update for July 2021](<https://www.oracle.com/security-alerts/cpujul2021.html>) with 342 fixes spanning across multiple products, some of which could be exploited by a remote attacker to take control of an affected system.\n\nChief among them is [CVE-2019-2729](<https://www.oracle.com/security-alerts/alert-cve-2019-2729.html>), a critical deserialization vulnerability via XMLDecoder in Oracle WebLogic Server Web Services that's remotely exploitable without authentication. It's worth noting that the weakness was originally addressed as part of an [out-of-band security update](<https://blogs.oracle.com/security/post/security-alert-cve-2019-2729-released>) in June 2019.\n\nOracle WebLogic Server is an application server that functions as a platform for developing, deploying, and running enterprise Java-based applications.\n\nThe flaw, which is rated 9.8 out of a maximum of 10 on the CVSS severity scale, affects WebLogic Server versions 11.1.2.4 and 11.2.5.0 and exists within the Oracle Hyperion Infrastructure Technology.\n\nAlso fixed in WebLogic Server are six other flaws, three of which have been assigned a CVSS score of 9.8 out of 10 \u2014\n\n * [CVE-2021-2394](<https://nvd.nist.gov/vuln/detail/CVE-2021-2394>) (CVSS score: 9.8)\n * [CVE-2021-2397](<https://nvd.nist.gov/vuln/detail/CVE-2021-2397>) (CVSS score: 9.8)\n * [CVE-2021-2382](<https://nvd.nist.gov/vuln/detail/CVE-2021-2382>) (CVSS score: 9.8)\n * [CVE-2021-2378](<https://nvd.nist.gov/vuln/detail/CVE-2021-2378>) (CVSS score: 7.5)\n * [CVE-2021-2376](<https://nvd.nist.gov/vuln/detail/CVE-2021-2376>) (CVSS score: 7.5)\n * [CVE-2021-2403](<https://nvd.nist.gov/vuln/detail/CVE-2021-2403>) (CVSS score: 5.3)\n\nThis is far from the first time critical issues have been discovered in WebLogic Server. Earlier this year, Oracle shipped the [April 2021 patch](<https://www.oracle.com/security-alerts/cpuapr2021.html>) with fixes for two bugs (CVE-2021-2135 and CVE-2021-2136), among others that could be abused to execute arbitrary code.\n\nOracle customers are advised to move quickly to apply the updates and protect systems against potential exploitation.\n\n \n\n\nFound this article interesting? Follow THN on [Facebook](<https://www.facebook.com/thehackernews>), [Twitter _\uf099_](<https://twitter.com/thehackersnews>) and [LinkedIn](<https://www.linkedin.com/company/thehackernews/>) to read more exclusive content we post.\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-07-22T08:21:00", "type": "thn", "title": "Oracle Warns of Critical Remotely Exploitable Weblogic Server Flaws", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-2729", "CVE-2021-2135", "CVE-2021-2136", "CVE-2021-2376", "CVE-2021-2378", "CVE-2021-2382", "CVE-2021-2394", "CVE-2021-2397", "CVE-2021-2403"], "modified": "2021-07-22T08:21:09", "id": "THN:2B49FD6B1FE640C017C0531F850B4C11", "href": "https://thehackernews.com/2021/07/oracle-warns-of-critical-remotely.html", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "oracle": [{"lastseen": "2021-10-22T15:44:17", "description": "A Critical Patch Update is a collection of patches for multiple security vulnerabilities. These patches address vulnerabilities in Oracle code and in third-party components included in Oracle products. These patches are usually cumulative, but each advisory describes only the security patches added since the previous Critical Patch Update Advisory. Thus, prior Critical Patch Update advisories should be reviewed for information regarding earlier published security patches. Refer to [\u201cCritical Patch Updates, Security Alerts and Bulletins\u201d](<https://www.oracle.com/security-alerts/>) for information about Oracle Security advisories. \n\n**Oracle continues to periodically receive reports of attempts to maliciously exploit vulnerabilities for which Oracle has already released security patches. In some instances, it has been reported that attackers have been successful because targeted customers had failed to apply available Oracle patches. Oracle therefore strongly recommends that customers remain on actively-supported versions and apply Critical Patch Update security patches without delay.**\n\nThis Critical Patch Update contains 342 new security patches across the product families listed below. Please note that an MOS note summarizing the content of this Critical Patch Update and other Oracle Software Security Assurance activities is located at [ July 2021 Critical Patch Update: Executive Summary and Analysis](<https://support.oracle.com/rs?type=doc&id=2788740.1>).\n", "edition": 1, "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 10.0, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 6.0}, "published": "2021-07-20T00:00:00", "type": "oracle", "title": "Oracle Critical Patch Update Advisory - July 2021", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-29582", "CVE-2021-2389", "CVE-2020-11612", "CVE-2020-26217", "CVE-2020-27783", "CVE-2021-26272", "CVE-2020-7017", "CVE-2018-15686", "CVE-2021-2339", "CVE-2020-12723", "CVE-2021-30369", "CVE-2021-2423", "CVE-2017-16931", "CVE-2017-9735", "CVE-2021-2441", "CVE-2021-25122", "CVE-2021-2402", "CVE-2020-28928", "CVE-2020-11023", "CVE-2021-2340", "CVE-2020-7712", "CVE-2020-28196", "CVE-2021-2354", "CVE-2020-9484", "CVE-2021-2362", "CVE-2019-16942", "CVE-2021-2357", "CVE-2019-11358", "CVE-2021-22884", "CVE-2021-2407", "CVE-2021-2244", "CVE-2019-15605", "CVE-2020-36184", "CVE-2020-27841", "CVE-2021-22897", "CVE-2021-27807", "CVE-2021-2371", "CVE-2021-2406", "CVE-2021-3177", "CVE-2019-17545", "CVE-2019-17195", "CVE-2021-21341", "CVE-2012-0881", "CVE-2021-2463", "CVE-2020-13935", "CVE-2021-2450", "CVE-2020-11022", "CVE-2021-2400", "CVE-2017-7657", "CVE-2021-2457", "CVE-2021-20227", "CVE-2021-2409", "CVE-2021-2437", "CVE-2020-10683", "CVE-2019-3740", "CVE-2020-14756", "CVE-2019-0210", "CVE-2020-8554", "CVE-2021-2334", "CVE-2019-0190", "CVE-2021-3449", "CVE-2021-2456", "CVE-2020-35728", "CVE-2017-3735", "CVE-2019-3738", "CVE-2021-2419", "CVE-2020-17527", "CVE-2017-7658", "CVE-2021-28041", "CVE-2021-26117", "CVE-2020-5413", "CVE-2020-36182", "CVE-2020-27845", "CVE-2021-2428", "CVE-2019-17566", "CVE-2021-2324", "CVE-2020-8284", "CVE-2021-2388", "CVE-2021-2367", "CVE-2019-10086", "CVE-2021-2458", "CVE-2020-27844", "CVE-2020-26870", "CVE-2021-2435", "CVE-2021-21349", "CVE-2021-2366", "CVE-2020-36181", "CVE-2021-3520", "CVE-2021-3156", "CVE-2021-21348", "CVE-2021-2382", "CVE-2020-11973", "CVE-2021-2431", "CVE-2019-16943", "CVE-2021-2373", "CVE-2020-8174", "CVE-2020-5421", "CVE-2020-28052", "CVE-2019-13990", "CVE-2021-21350", "CVE-2021-2433", "CVE-2021-23336", "CVE-2020-7016", "CVE-2019-5063", "CVE-2021-21342", "CVE-2020-17530", "CVE-2021-2393", "CVE-2019-3739", "CVE-2020-36186", "CVE-2020-1968", "CVE-2020-10543", "CVE-2020-13949", "CVE-2021-2425", "CVE-2019-10746", "CVE-2019-2897", "CVE-2021-21344", "CVE-2016-0762", "CVE-2021-2429", "CVE-2021-3450", "CVE-2021-23840", "CVE-2021-2434", "CVE-2020-14061", "CVE-2020-15389", "CVE-2021-2411", "CVE-2021-2412", "CVE-2021-22890", "CVE-2021-2408", "CVE-2020-5258", "CVE-2021-2452", "CVE-2021-2394", "CVE-2021-26271", "CVE-2020-27216", "CVE-2021-2374", "CVE-2020-11998", "CVE-2021-2422", "CVE-2021-2341", "CVE-2020-7760", "CVE-2021-22876", "CVE-2020-11979", "CVE-2021-23839", "CVE-2020-27842", "CVE-2021-2323", "CVE-2020-2604", "CVE-2021-2446", "CVE-2021-2449", "CVE-2021-2356", "CVE-2018-7160", "CVE-2019-0201", "CVE-2021-2363", "CVE-2020-17521", "CVE-2021-27568", "CVE-2018-7183", "CVE-2021-2380", "CVE-2021-2448", "CVE-2020-27814", "CVE-2021-2395", "CVE-2021-21409", "CVE-2021-2347", "CVE-2019-17531", "CVE-2020-8285", "CVE-2020-1945", "CVE-2020-1941", "CVE-2020-11868", "CVE-2021-2330", "CVE-2021-20190", "CVE-2021-2410", "CVE-2018-0739", "CVE-2021-2364", "CVE-2019-12973", "CVE-2021-2349", "CVE-2019-15606", "CVE-2021-2455", "CVE-2020-36185", "CVE-2020-1971", "CVE-2021-2370", "CVE-2020-25649", "CVE-2021-3560", "CVE-2021-21346", "CVE-2021-2328", "CVE-2021-2387", "CVE-2020-11988", "CVE-2021-22118", "CVE-2020-11987", "CVE-2021-2365", "CVE-2021-21345", "CVE-2021-22898", "CVE-2021-2444", "CVE-2021-2453", "CVE-2020-35490", "CVE-2016-4429", "CVE-2021-3345", "CVE-2020-36188", "CVE-2020-36180", "CVE-2021-2372", "CVE-2021-2359", "CVE-2021-2462", "CVE-2021-24122", "CVE-2017-5637", "CVE-2021-2397", "CVE-2019-0228", "CVE-2021-2427", "CVE-2019-17543", "CVE-2021-2439", "CVE-2017-7656", "CVE-2021-2353", "CVE-2021-2335", "CVE-2021-29921", "CVE-2021-2447", "CVE-2020-8203", "CVE-2021-2345", "CVE-2021-2398", "CVE-2020-9489", "CVE-2020-24616", "CVE-2021-2424", "CVE-2021-2420", "CVE-2020-5397", "CVE-2021-2355", "CVE-2021-2375", "CVE-2021-21351", "CVE-2020-36187", "CVE-2021-2430", "CVE-2021-2405", "CVE-2021-30640", "CVE-2021-2385", "CVE-2021-2445", "CVE-2021-2438", "CVE-2020-24750", "CVE-2020-8277", "CVE-2021-2384", "CVE-2020-35491", "CVE-2021-2337", "CVE-2021-23841", "CVE-2021-2404", "CVE-2020-13934", "CVE-2019-12402", "CVE-2021-2326", "CVE-2021-2343", "CVE-2017-14735", "CVE-2020-27218", "CVE-2021-2358", "CVE-2019-15604", "CVE-2019-2725", "CVE-2021-33037", "CVE-2021-2377", "CVE-2020-1967", "CVE-2020-8286", "CVE-2021-2436", "CVE-2020-27193", "CVE-2021-2342", "CVE-2021-2440", "CVE-2021-2399", "CVE-2021-2352", "CVE-2021-2329", "CVE-2020-36183", "CVE-2021-2426", "CVE-2021-2396", "CVE-2021-2346", "CVE-2021-2338", "CVE-2021-21275", "CVE-2021-2432", "CVE-2017-5461", "CVE-2021-2368", "CVE-2021-2350", "CVE-2015-0254", "CVE-2019-12415", "CVE-2020-7733", "CVE-2021-2418", "CVE-2020-5398", "CVE-2021-2378", "CVE-2020-25648", "CVE-2021-2351", "CVE-2021-2360", "CVE-2021-2333", "CVE-2021-31811", "CVE-2021-2417", "CVE-2019-5064", "CVE-2020-14060", "CVE-2019-0205", "CVE-2018-0737", "CVE-2020-36189", "CVE-2019-12399", "CVE-2021-22112", "CVE-2020-36179", "CVE-2020-27843", "CVE-2020-13956", "CVE-2020-14062", "CVE-2021-21347", "CVE-2021-25329", "CVE-2021-2403", "CVE-2021-2421", "CVE-2021-21343", "CVE-2021-2336", "CVE-2021-2369", "CVE-2021-2376", "CVE-2020-10878", "CVE-2019-10173", "CVE-2021-27906", "CVE-2020-8908", "CVE-2021-2451", "CVE-2021-2383", "CVE-2021-2454", "CVE-2021-2390", "CVE-2021-2415", "CVE-2021-2381", "CVE-2021-22883", "CVE-2021-2443", "CVE-2019-0219", "CVE-2020-14195", "CVE-2020-2555", "CVE-2019-20330", "CVE-2021-21290", "CVE-2021-2460", "CVE-2019-2729", "CVE-2021-22901", "CVE-2021-2442", "CVE-2021-2344", "CVE-2021-2401", "CVE-2020-25638", "CVE-2020-24553", "CVE-2021-2386", "CVE-2021-2392", "CVE-2021-2361", "CVE-2021-2348", "CVE-2018-21010", "CVE-2019-12260", "CVE-2021-2391"], "modified": "2021-09-03T00:00:00", "id": "ORACLE:CPUJUL2021", "href": "https://www.oracle.com/security-alerts/cpujul2021.html", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}]}
Oracle WebLogic Server has an unspecified vulnerability (CNVD-2021-59240)
