Lucene search
K

Oracle WebLogic Server (January 2026 CPU)

🗓️ 21 Jan 2026 00:00:00Reported by TenableType 
nessus
 nessus
🔗 www.tenable.com👁 11 Views

WebLogic Server versions 12.2.1.4.0, 14.1.1.0.0, 14.1.2.0.0 and 15.1.1.0.0 face January 2026 CVEs.

Related
Refs
Code
ReporterTitlePublishedViews
Family
IBM Security Bulletins
Security Bulletin: IBM Maximo Application Suite Ai-Service Component uses uthentication Bypass Using an Alternate Path or Channel vulnerability in Apache Tomcat.
9 Jul 202507:25
ibm
IBM Security Bulletins
Security Bulletin: IBM WebSphere Application Server, which is bundled with IBM WebSphere Hybrid Edition, is affected by a denial of service due to Apache Commons FileUpload (CVE-2025-48976)
3 Sep 202518:09
ibm
IBM Security Bulletins
Security Bulletin: Vulnerability has been identified in WebSphere Application Server shipped with WebSphere Service Registry and Repository (CVE-2025-48976)
15 Aug 202509:21
ibm
IBM Security Bulletins
Security Bulletin: Vulnerability in Apache Commons IO affects IBM watsonx Assistant for IBM Cloud Pak for Data
5 Feb 202520:46
ibm
IBM Security Bulletins
Security Bulletin: IBM Operational Decision Manager for December 2025 - Multiple CVEs addressed
29 Jan 202607:37
ibm
IBM Security Bulletins
Security Bulletin: Denial of Service vulnerability in Apache Commons IO affects IBM Business Automation Workflow - CVE-2024-47554
7 Feb 202516:25
ibm
IBM Security Bulletins
Security Bulletin: Multiple security vulnerabilities are addressed with IBM Cloud Pak for Business Automation iFixes for February 2025.
13 Mar 202616:55
ibm
IBM Security Bulletins
Security Bulletin: IBM DevOps Deploy / IBM UrbanCode Deploy (UCD) is susceptible to multiple Apache Tomcat vulnerabilities (CVE-2025-48976, CVE-2025-48988)
17 Jul 202518:27
ibm
IBM Security Bulletins
Security Bulletin: IBM SPSS Analytic Server is affected by a Denial of Service (DoS) vulnerability in Apache Commons FileUpload.
20 Sep 202500:54
ibm
IBM Security Bulletins
Security Bulletin: IBM Engineering Lifecycle Optimization - Engineering Publishing Apache Commons IO is vulnerable to a denial of service, caused by an uncontrolled resource consumption flaw in the org.apache.commons.io.input.XmlStreamReader class.
3 Jan 202511:04
ibm
Rows per page
#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
##

include('compat.inc');

if (description)
{
  script_id(294869);
  script_version("1.5");
  script_set_attribute(attribute:"plugin_modification_date", value:"2026/04/30");

  script_cve_id(
    "CVE-2024-47554",
    "CVE-2025-12383",
    "CVE-2025-41249",
    "CVE-2025-48976",
    "CVE-2025-53864"
  );
  script_xref(name:"IAVA", value:"2026-A-0069");
  script_xref(name:"IAVA", value:"2026-A-0070-S");

  script_name(english:"Oracle WebLogic Server (January 2026 CPU)");

  script_set_attribute(attribute:"synopsis", value:
"The remote host is affected by multiple vulnerabilities");
  script_set_attribute(attribute:"description", value:
"The 12.2.1.4.0, 14.1.1.0.0, 14.1.2.0.0, and 15.1.1.0.0 versions of WebLogic Server installed on the remote host are
affected by multiple vulnerabilities as referenced in the January 2026 CPU advisory.

  - Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Centralized
    Third Party Jars (Eclipse Jersey)). Supported versions that are affected are 14.1.1.0.0, 14.1.2.0.0 and
    15.1.1.0.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via
    HTTP to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in
    unauthorized creation, deletion or modification access to critical data or all Oracle WebLogic Server
    accessible data as well as unauthorized access to critical data or complete access to all Oracle WebLogic
    Server accessible data. (CVE-2025-12383)

  - Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Centralized
    Third Party Jars (Apache Commons FileUpload)). Supported versions that are affected are 12.2.1.4.0 and
    14.1.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP
    to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in unauthorized
    ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle WebLogic Server.
    (CVE-2025-48976)

  - Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core (Spring
    Framework)). Supported versions that are affected are 12.2.1.4.0, 14.1.1.0.0, 14.1.2.0.0 and 15.1.1.0.0.
    Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to
    compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in unauthorized
    access to critical data or complete access to all Oracle WebLogic Server accessible data. (CVE-2025-41249)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version
number.");
  script_set_attribute(attribute:"see_also", value:"https://www.oracle.com/docs/tech/security-alerts/cpujan2026csaf.json");
  script_set_attribute(attribute:"see_also", value:"https://www.oracle.com/security-alerts/cpujan2026.html");
  script_set_attribute(attribute:"solution", value:
"Apply the appropriate patch according to the January 2026 Oracle Critical Patch Update advisory.");
  script_set_attribute(attribute:"agent", value:"all");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:H/Au:N/C:C/I:C/A:N");
  script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
  script_set_attribute(attribute:"cvss4_vector", value:"CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:H/VI:H/VA:N/SC:H/SI:H/SA:N");
  script_set_attribute(attribute:"cvss4_threat_vector", value:"CVSS:4.0/E:P");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2025-12383");

  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");

  script_set_attribute(attribute:"vuln_publication_date", value:"2026/01/20");
  script_set_attribute(attribute:"patch_publication_date", value:"2026/01/20");
  script_set_attribute(attribute:"plugin_publication_date", value:"2026/01/21");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:oracle:fusion_middleware");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:oracle:weblogic_server");
  script_set_attribute(attribute:"stig_severity", value:"I");
  script_set_attribute(attribute:"thorough_tests", value:"true");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Misc.");

  script_copyright(english:"This script is Copyright (C) 2026 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("oracle_weblogic_server_installed.nbin", "os_fingerprint.nasl");
  script_require_ports("installed_sw/Oracle WebLogic Server", "installed_sw/Oracle Data Integrator Embedded Weblogic Server", "installed_sw/JDeveloper's Integrated WebLogic Server");

  exit(0);
}

include('vcf_extras_oracle.inc');

var app_info = vcf::oracle_weblogic::get_app_info();

var constraints = [
  { 'min_version' : '12.2.1.4.0', 'fixed_version' : '12.2.1.4.251223', 'fixed_display' : '38820898 or 38792523' },
  { 'min_version' : '14.1.1.0.0', 'fixed_version' : '14.1.1.0.251223', 'fixed_display' : '38799653 or 38793419' },
  { 'min_version' : '14.1.2.0.0', 'fixed_version' : '14.1.2.0.251223', 'fixed_display' : '38799629 or 38792753' },
  { 'min_version' : '15.1.1.0.0', 'fixed_version' : '15.1.1.0.260107', 'fixed_display' : '38833934 or 38823015' }
];

vcf::oracle_weblogic::check_version_and_report(app_info:app_info, constraints:constraints, severity:SECURITY_HOLE);

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

30 Apr 2026 00:00Current
7High risk
Vulners AI Score7
CVSS 3.17.4 - 7.5
CVSS 49.4
EPSS0.64718
SSVC
11