6.5 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
LOW
Availability Impact
LOW
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L
Oracle WebLogic Server, an Oracle product, is an application services middleware for cloud and traditional environments that provides a modern, lightweight development platform that supports full lifecycle management of applications from development to production, and simplifies application deployment and management. An input validation error vulnerability exists in Oracle WebLogic Server (component: Core) versions 12.2.1.3.0 and 12.2.1.4.0, which stems from incorrect input validation in the core components of Oracle WebLogic Server and can be exploited by a remote, unauthenticated attacker. The vulnerability can be exploited by a remote, unauthenticated attacker to access the network via T3, IIOP, resulting in an unauthorized update, insertion, or deletion of partially accessible data to Oracle WebLogic Server.