CVE-2023-21960

2023-04-1820:15:15

[email protected]

web.nvd.nist.gov

oracle weblogic server

vulnerability

unauthorized access

partial dos

CVSS3

5.6

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

LOW

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L

EPSS

0.001

Percentile

23.9%

JSON

Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core). Supported versions that are affected are 12.2.1.3.0 and 12.2.1.4.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle WebLogic Server accessible data as well as unauthorized read access to a subset of Oracle WebLogic Server accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle WebLogic Server. CVSS 3.1 Base Score 5.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L).

Affected configurations

Nvd

Node

oracleweblogic_serverMatch12.2.1.3.0

oracleweblogic_serverMatch12.2.1.4.0

VendorProductVersionCPE
oracleweblogic_server12.2.1.3.0cpe:2.3:a:oracle:weblogic_server:12.2.1.3.0:*:*:*:*:*:*:*
oracleweblogic_server12.2.1.4.0cpe:2.3:a:oracle:weblogic_server:12.2.1.4.0:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
oracle	weblogic_server	12.2.1.3.0	cpe:2.3:a:oracle:weblogic_server:12.2.1.3.0:::::::*
oracle	weblogic_server	12.2.1.4.0	cpe:2.3:a:oracle:weblogic_server:12.2.1.4.0:::::::*