Lucene search
K

238 matches found

RedhatCVE
RedhatCVE
added 2025/05/23 5:20 a.m.5 views

CVE-2023-21838

Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware component: Core. Supported versions that are affected are 12.2.1.3.0, 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via T3, IIOP to compromise Oracle...

7.5CVSS6.3AI score0.00857EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 5:19 a.m.7 views

CVE-2023-21837

Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware component: Core. Supported versions that are affected are 12.2.1.3.0, 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via IIOP to compromise Oracle...

7.5CVSS6.3AI score0.00949EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/22 5:30 p.m.6 views

CVE-2020-6282

SAP NetWeaver AS JAVA IIOP service SERVERCORE, versions 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, and SAP NetWeaver AS JAVA IIOP service CORE-TOOLS, versions 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, allows an attacker to send a crafted request from a vulnerable web application. It is usually use...

5.8CVSS6.8AI score0.01148EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 2:25 a.m.11 views

CVE-2011-1313

Double free vulnerability in IBM WebSphere Application Server WAS 6.1.0.x before 6.1.0.35 and 7.x before 7.0.0.15 allows remote backend IIOP servers to cause a denial of service S0C4 ABEND and storage corruption by rejecting IIOP requests at opportunistic time instants, as demonstrated by request...

5CVSS6.7AI score0.00926EPSS
Exploits0References1
CNVD
CNVD
added 2025/03/25 12:0 a.m.17 views

IIOP Deserialization Remote Code Execution Vulnerability in Kingdee Apusic Application Server of Kingdee Software (China) Co.

Kingdee Apusic Application Server AAS is an enterprise-level middleware, which fully supports JakartaEE specification, provides Web, EJB, WebService containers, and adapts to domestic hardware and software, and is used to support the operation of enterprise-level applications. A remote code...

8.2AI score
Exploits0
RedhatCVE
RedhatCVE
added 2025/02/05 2:16 p.m.8 views

CVE-2020-2963

Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware component: Web Services. Supported versions that are affected are 10.3.6.0.0, 12.1.3.0.0, 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vulnerability allows high privileged attacker with network access via IIOP, T3 to...

7.2CVSS6.5AI score0.01384EPSS
Exploits0
BDU FSTEC
BDU FSTEC
added 2025/01/22 12:0 a.m.11 views

The vulnerability of the Core server component of Oracle WebLogic Server, a software platform of Oracle Fusion Middleware, allows attackers to disclose protected information.

The vulnerability of the Core server component of Oracle WebLogic Server, a software platform of Oracle Fusion Middleware, is related to insufficient validation of input data. Exploiting this vulnerability can allow an attacker to disclose sensitive information using the T3/IIOP protocol...

7.8CVSS7.6AI score0.49689EPSS
Exploits3References5Affected Software1
Positive Technologies
Positive Technologies
added 2025/01/21 12:0 a.m.6 views

PT-2025-4257

The vulnerable software is Oracle WebLogic Server, specifically the Core component of Oracle Fusion Middleware. The affected versions are 12.2.1.4.0 and 14.1.1.0.0. This issue allows an unauthenticated attacker to remotely compromise a WebLogic server via T3 or IIOP protocols, potentially leading...

10CVSS7.7AI score0.008EPSS
Exploits0References26
CISA KEV Catalog
CISA KEV Catalog
added 2025/01/07 12:0 a.m.21 views

Oracle WebLogic Server Unspecified Vulnerability

Oracle WebLogic Server, a product within the Fusion Middleware suite, contains an unspecified vulnerability exploitable by an unauthenticated attacker with network access via IIOP or T3...

9.8CVSS7.2AI score0.94928EPSS
In wildExploits11
Positive Technologies
Positive Technologies
added 2024/10/15 12:0 a.m.4 views

PT-2024-6823

Name of the Vulnerable Software and Affected Versions Oracle WebLogic Server versions 12.2.1.4.0 and 14.1.1.0.0 Description The issue is related to a vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware, specifically in the Core component. This vulnerability allows an...

10CVSS7.2AI score0.00709EPSS
Exploits0References50
Positive Technologies
Positive Technologies
added 2024/10/15 12:0 a.m.4 views

PT-2024-6926 · Oracle · Oracle Weblogic Server

Name of the Vulnerable Software and Affected Versions: Oracle WebLogic Server versions 12.2.1.4.0 through 12.2.1.4.0 Oracle WebLogic Server versions 14.1.1.0.0 through 14.1.1.0.0 Description: The issue is related to insufficient input validation in the Core component of Oracle WebLogic Server. Th...

7.8CVSS8.1AI score0.00682EPSS
Exploits0References7
CISA KEV Catalog
CISA KEV Catalog
added 2024/09/18 12:0 a.m.40 views

Oracle WebLogic Server Remote Code Execution Vulnerability

Oracle WebLogic Server, a product within the Fusion Middleware suite, contains a deserialization vulnerability. Unauthenticated attackers with network access via T3 or IIOP can exploit this vulnerability to achieve remote code execution...

9.8CVSS7.5AI score0.94548EPSS
In wildExploits1
Tenable Nessus
Tenable Nessus
added 2024/07/19 12:0 a.m.308 views

Oracle WebLogic Server (July 2024 CPU)

The 12.2.1.4.0 and 14.1.1.0.0 versions of WebLogic Server installed on the remote host are affected by multiple vulnerabilities as referenced in the July 2024 CPU advisory: - Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware component: Core. Supported versions that a...

9.8CVSS7AI score0.49689EPSS
Exploits5References8
NVD
NVD
added 2024/07/16 11:15 p.m.34 views

CVE-2024-21182

Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware component: Core. Supported versions that are affected are 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via T3, IIOP to compromise Oracle WebLogic...

7.5CVSS0.49689EPSS
Exploits3References2
OSV
OSV
added 2024/07/16 11:15 p.m.3 views

CVE-2024-21182

Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware component: Core. Supported versions that are affected are 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via T3, IIOP to compromise Oracle WebLogic...

7.5CVSS7.3AI score0.49689EPSS
Exploits3References1
Positive Technologies
Positive Technologies
added 2024/07/16 12:0 a.m.5 views

PT-2024-5587 · Oracle · Oracle Weblogic Server

Name of the Vulnerable Software and Affected Versions: Oracle WebLogic Server versions 12.2.1.4.0 through 14.1.1.0.0 Description: The issue is related to insufficient input validation in the Core component of Oracle WebLogic Server, allowing an unauthenticated attacker with network access via T3 ...

10CVSS7.9AI score0.01119EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2023/12/07 12:0 a.m.7 views

PT-2023-9842

Name of the Vulnerable Software and Affected Versions Oracle WebLogic Server version 12.2.1.4.0 Oracle WebLogic Server version 14.1.1.0.0 Description A flaw in the Core component of Oracle WebLogic Server, part of Oracle Fusion Middleware, is caused by insufficient input validation and a...

7.8CVSS8.2AI score0.49689EPSS
Exploits3References81
Positive Technologies
Positive Technologies
added 2023/12/07 12:0 a.m.5 views

PT-2023-9637 · Oracle · Oracle Weblogic Server

Name of the Vulnerable Software and Affected Versions: Oracle WebLogic Server versions 12.2.1.4.0 through 14.1.1.0.0 Description: The issue is related to insufficient protection of internal data in the Oracle WebLogic Server Core component. This can be exploited by a remote attacker to gain...

7.8CVSS8AI score0.00441EPSS
Exploits0References6
CISA KEV Catalog
CISA KEV Catalog
added 2023/11/16 12:0 a.m.37 views

Oracle Fusion Middleware Unspecified Vulnerability

Oracle Fusion Middleware contains an unspecified vulnerability in the WLS Core Components that allows an unauthenticated attacker with network access via IIOP to compromise the WebLogic Server...

9.8CVSS7AI score0.93168EPSS
In wildExploits18
BDU FSTEC
BDU FSTEC
added 2023/10/19 12:0 a.m.7 views

The vulnerability of the Core server component of Oracle WebLogic Server allows a hacker to execute arbitrary code.

The vulnerability of the Core server component of Oracle WebLogic Server is related to errors in processing input data. Exploiting this vulnerability allows a malicious actor to execute arbitrary code remotely by injecting specially crafted messages via T3 and IIOP protocols...

10CVSS8.2AI score0.0075EPSS
Exploits0References4Affected Software1
Rows per page
Query Builder