Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
cnvdChina National Vulnerability DatabaseCNVD-2023-04389
HistoryJan 18, 2023 - 12:00 a.m.

Oracle WebLogic Server Remote Code Execution Vulnerability (CNVD-2023-04389)

2023-01-1800:00:00
China National Vulnerability Database
www.cnvd.org.cn
21

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

JSON

Oracle WebLogic Server is an application services middleware from Oracle for cloud and traditional environments that provides a modern, lightweight development platform that supports full lifecycle management of applications from development to production and simplifies application deployment and management.Oracle WebLogic Server is vulnerable to A remote code execution vulnerability can be exploited to send malicious requests to an affected server via the IIOP/T3 protocol, leading to access to sensitive information and execution of arbitrary code on the target server.

Related

cisa_kev 1
githubexploit 6
cve 1
prion 1
attackerkb 1
packetstorm 1
zdt 1
metasploit 1
malwarebytes 1
thn 1
nessus 1
rapid7blog 1
oracle 1
cisa_kev
cisa_kev
Oracle WebLogic Server Unspecified Vulnerability
2023-05-01 00:00:00
githubexploit
githubexploit
Exploit for Vulnerability in Oracle Weblogic Server
2023-02-13 03:42:27
Exploit for Vulnerability in Oracle Weblogic Server
2023-04-15 08:57:10
Exploit for Vulnerability in Oracle Weblogic Server
2023-05-29 02:08:37
cve
cve
CVE-2023-21839
2023-01-18 00:15:13
prion
prion
Code injection
2023-01-18 00:15:00
attackerkb
attackerkb
CVE-2023-21839
2023-01-18 00:00:00
packetstorm
packetstorm
Oracle Weblogic PreAuth Remote Command Execution
2023-06-12 00:00:00
zdt
zdt
Oracle Weblogic PreAuth Remote Command Execution Exploit
2023-06-12 00:00:00
metasploit
metasploit
Oracle Weblogic PreAuth Remote Command Execution via ForeignOpaqueReference IIOP Deserialization
2023-05-24 18:17:47
malwarebytes
malwarebytes
Oracle WebLogic Server vulnerability added to CISA list as β€œknown to be exploited”
2023-05-03 14:30:00
thn
thn
Alert: Active Exploitation of TP-Link, Apache, and Oracle Vulnerabilities Detected
2023-05-02 05:35:00
nessus
nessus
Oracle WebLogic Server (Jan 2023 CPU)
2023-01-19 00:00:00
rapid7blog
rapid7blog
Metasploit Weekly Wrap-Up
2023-06-16 20:40:51
oracle
oracle
Oracle Critical Patch Update Advisory - January 2023
2023-01-17 00:00:00

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

JSON
Related for CNVD-2023-04389
cisa_kev1githubexploit6cve1prion1attackerkb1packetstorm1zdt1metasploit1malwarebytes1thn1nessus1rapid7blog1oracle1