#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
##
include('compat.inc');
if (description)
{
script_id(294869);
script_version("1.5");
script_set_attribute(attribute:"plugin_modification_date", value:"2026/04/30");
script_cve_id(
"CVE-2024-47554",
"CVE-2025-12383",
"CVE-2025-41249",
"CVE-2025-48976",
"CVE-2025-53864"
);
script_xref(name:"IAVA", value:"2026-A-0069");
script_xref(name:"IAVA", value:"2026-A-0070-S");
script_name(english:"Oracle WebLogic Server (January 2026 CPU)");
script_set_attribute(attribute:"synopsis", value:
"The remote host is affected by multiple vulnerabilities");
script_set_attribute(attribute:"description", value:
"The 12.2.1.4.0, 14.1.1.0.0, 14.1.2.0.0, and 15.1.1.0.0 versions of WebLogic Server installed on the remote host are
affected by multiple vulnerabilities as referenced in the January 2026 CPU advisory.
- Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Centralized
Third Party Jars (Eclipse Jersey)). Supported versions that are affected are 14.1.1.0.0, 14.1.2.0.0 and
15.1.1.0.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via
HTTP to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in
unauthorized creation, deletion or modification access to critical data or all Oracle WebLogic Server
accessible data as well as unauthorized access to critical data or complete access to all Oracle WebLogic
Server accessible data. (CVE-2025-12383)
- Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Centralized
Third Party Jars (Apache Commons FileUpload)). Supported versions that are affected are 12.2.1.4.0 and
14.1.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP
to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in unauthorized
ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle WebLogic Server.
(CVE-2025-48976)
- Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core (Spring
Framework)). Supported versions that are affected are 12.2.1.4.0, 14.1.1.0.0, 14.1.2.0.0 and 15.1.1.0.0.
Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to
compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in unauthorized
access to critical data or complete access to all Oracle WebLogic Server accessible data. (CVE-2025-41249)
Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version
number.");
script_set_attribute(attribute:"see_also", value:"https://www.oracle.com/docs/tech/security-alerts/cpujan2026csaf.json");
script_set_attribute(attribute:"see_also", value:"https://www.oracle.com/security-alerts/cpujan2026.html");
script_set_attribute(attribute:"solution", value:
"Apply the appropriate patch according to the January 2026 Oracle Critical Patch Update advisory.");
script_set_attribute(attribute:"agent", value:"all");
script_set_cvss_base_vector("CVSS2#AV:N/AC:H/Au:N/C:C/I:C/A:N");
script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N");
script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
script_set_attribute(attribute:"cvss4_vector", value:"CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:H/VI:H/VA:N/SC:H/SI:H/SA:N");
script_set_attribute(attribute:"cvss4_threat_vector", value:"CVSS:4.0/E:P");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2025-12383");
script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
script_set_attribute(attribute:"exploit_available", value:"true");
script_set_attribute(attribute:"vuln_publication_date", value:"2026/01/20");
script_set_attribute(attribute:"patch_publication_date", value:"2026/01/20");
script_set_attribute(attribute:"plugin_publication_date", value:"2026/01/21");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"cpe:/a:oracle:fusion_middleware");
script_set_attribute(attribute:"cpe", value:"cpe:/a:oracle:weblogic_server");
script_set_attribute(attribute:"stig_severity", value:"I");
script_set_attribute(attribute:"thorough_tests", value:"true");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"Misc.");
script_copyright(english:"This script is Copyright (C) 2026 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("oracle_weblogic_server_installed.nbin", "os_fingerprint.nasl");
script_require_ports("installed_sw/Oracle WebLogic Server", "installed_sw/Oracle Data Integrator Embedded Weblogic Server", "installed_sw/JDeveloper's Integrated WebLogic Server");
exit(0);
}
include('vcf_extras_oracle.inc');
var app_info = vcf::oracle_weblogic::get_app_info();
var constraints = [
{ 'min_version' : '12.2.1.4.0', 'fixed_version' : '12.2.1.4.251223', 'fixed_display' : '38820898 or 38792523' },
{ 'min_version' : '14.1.1.0.0', 'fixed_version' : '14.1.1.0.251223', 'fixed_display' : '38799653 or 38793419' },
{ 'min_version' : '14.1.2.0.0', 'fixed_version' : '14.1.2.0.251223', 'fixed_display' : '38799629 or 38792753' },
{ 'min_version' : '15.1.1.0.0', 'fixed_version' : '15.1.1.0.260107', 'fixed_display' : '38833934 or 38823015' }
];
vcf::oracle_weblogic::check_version_and_report(app_info:app_info, constraints:constraints, severity:SECURITY_HOLE);
Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation