238 matches found

OSV
added 2023/10/17 10:15 p.m. · 6 views

CVE-2023-22072

Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware component: Core. The supported version that is affected is 12.2.1.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via T3, IIOP to compromise Oracle WebLogic Server. Successful...

CVSS 9.8 · AI score 7.3 · EPSS 0.00625
Exploits 0 · References 1

Prion
added 2023/10/17 10:15 p.m. · 26 views

Design/Logic Flaw

Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware component: Core. The supported version that is affected is 12.2.1.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via T3, IIOP to compromise Oracle WebLogic Server. Successful...

CVSS 7.5 · AI score 9.4 · EPSS 0.00625
Exploits 0 · References 1 · Affected Software 1

Prion
added 2023/10/17 10:15 p.m. · 17 views

Code injection

Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware component: Core. Supported versions that are affected are 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via T3, IIOP to compromise Oracle WebLogic...

CVSS 5 · AI score 7.3 · EPSS 0.00562
Exploits 0 · References 1 · Affected Software 1

CNNVD
added 2023/10/17 12:00 a.m. · 5 views

Oracle Fusion Middleware Security Vulnerability

Oracle Fusion Middleware and Oracle WebLogic Server are both products of Oracle Corporation. Oracle Fusion Middleware is a business innovation platform for enterprise and cloud environments. The platform provides middleware, software collections, and more. Oracle WebLogic...

CVSS 8.1 · AI score 6.7 · EPSS 0.00512
Exploits 0 · References 3

CNNVD
added 2023/10/17 12:00 a.m. · 5 views

Oracle Fusion Middleware Security Vulnerability

Oracle Fusion Middleware and Oracle WebLogic Server are both products of Oracle Corporation. Oracle Fusion Middleware is a business innovation platform for enterprise and cloud environments. The platform provides middleware, software collections, and more. Oracle WebLogic...

CVSS 7.5 · AI score 6.7 · EPSS 0.00562
Exploits 0 · References 3

Positive Technologies
added 2023/10/17 12:00 a.m. · 7 views

PT-2023-6174 · Oracle · Oracle Weblogic Server

Name of the Vulnerable Software and Affected Versions: Oracle WebLogic Server versions 12.2.1.4.0 through 14.1.1.0.0 Description: The issue is related to errors in handling input data in the Oracle WebLogic Server Core component. This can be exploited by a remote attacker to execute arbitrary cod...

CVSS 9.8 · AI score 9.3 · EPSS 0.0075
Exploits 0 · References 10

GithubExploit
added 2023/05/29 2:08 a.m. · 578 views

Exploit for Deserialization of Untrusted Data in Oracle Weblogic_Server

CVE-2023-21839-metasploit-scanner Usage git clone https://...

CVSS 7.5 · AI score 8 · EPSS 0.99811
Exploits 10

Zero Day Initiative
added 2023/03/15 12:00 a.m. · 67 views

Oracle WebLogic Server IIOP Protocol Deserialization of Untrusted Data Denial-of-Service Vulnerability

This vulnerability allows remote attackers to create a denial-of-service condition on affected installations of Oracle WebLogic Server. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of the IIOP protocol. Crafted data in an IIOP protocol...

CVSS 5.9 · AI score 7.7 · EPSS 0.00857
Exploits 0 · References 1

SUSE CVE
added 2023/02/15 5:37 a.m. · 4 views

SUSE CVE-2013-3009

The com.ibm.CORBA.iiop.ClientDelegate class in IBM Java 1.4.2 before 1.4.2 SR13-FP18, 5.0 before 5.0 SR16-FP3, 6 before 6 SR14, 6.0.1 before 6.0.1 SR6, and 7 before 7 SR5 improperly exposes the invoke method of the java.lang.reflect.Method class, which allows remote attackers to call...

CVSS 9.3 · AI score 8.9 · EPSS 0.04382
Exploits 0 · References 13

SUSE CVE
added 2023/02/15 5:32 a.m. · 4 views

SUSE CVE-2014-0428

Unspecified vulnerability in Oracle Java SE 5.0u55, 6u65, and 7u45; Java SE Embedded 7u45; and OpenJDK 7 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to CORBA. NOTE: the previous information is from the January 2014 CPU. Oracle has not comment...

CVSS 10 · AI score 6.4 · EPSS 0.06051
Exploits 0 · References 17

Prion
added 2023/01/18 12:15 a.m. · 30 views

Code injection

Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware component: Core. Supported versions that are affected are 12.2.1.3.0, 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via IIOP to compromise Oracle...

CVSS 5 · AI score 7.3 · EPSS 0.00949
Exploits 1 · References 1 · Affected Software 1

CNVD
added 2023/01/18 12:00 a.m. · 41 views

Oracle WebLogic Server Remote Code Execution Vulnerability (CNVD-2023-04389)

Oracle WebLogic Server is an application services middleware from Oracle for cloud and traditional environments that provides a modern, lightweight development platform that supports full lifecycle management of applications from development to production and simplifies application deployment and...

CVSS 7.5 · AI score 3 · EPSS 0.99811
Exploits 10 · References 1

CNNVD
added 2023/01/18 12:00 a.m. · 5 views

Oracle WebLogic Server Security Vulnerability

Oracle WebLogic Server is an application services middleware from Oracle for cloud and traditional environments that provides a modern, lightweight development platform that supports full lifecycle management of applications from development to production and simplifies application deployment and...

CVSS 7.5 · AI score 9.3 · EPSS 0.99811
Exploits 10 · References 4

Positive Technologies
added 2023/01/17 12:00 a.m. · 7 views

PT-2023-1295

Name of the Vulnerable Software and Affected Versions Oracle WebLogic Server versions 12.2.1.3.0 through 12.2.1.4.0 Oracle WebLogic Server version 14.1.1.0.0 Description The issue is related to insufficient input validation in the Core component of Oracle WebLogic Server, allowing an...

CVSS 7.8 · AI score 7.4 · EPSS 0.99811
Exploits 10 · References 54

Positive Technologies
added 2023/01/17 12:00 a.m. · 5 views

PT-2023-1309 · Oracle · Oracle Weblogic Server

Name of the Vulnerable Software and Affected Versions: Oracle WebLogic Server versions 12.2.1.3.0 through 12.2.1.4.0 Oracle WebLogic Server version 14.1.1.0.0 Description: The issue is related to insufficient input validation in the Core component of Oracle WebLogic Server, allowing an...

CVSS 7.8 · AI score 8.8 · EPSS 0.00857
Exploits 0 · References 8

BDU FSTEC
added 2022/08/18 12:00 a.m. · 4 views

The vulnerability of the Core server component of Oracle WebLogic Server allows a hacker to gain access to modify, add, or delete data, or cause partial service disruption.

The vulnerability of the Core server component of Oracle WebLogic Server exists due to insufficient validation of input data. Exploiting this vulnerability allows a malicious actor to remotely gain access to modify, add, or delete data, or cause a partial service outage using the IIOP and T3...

CVSS 6.5 · AI score 6.5 · EPSS 0.00729
Exploits 0 · References 3 · Affected Software 1

CNVD
added 2022/07/21 12:00 a.m. · 29 views

Oracle WebLogic Server Core Component Input Validation Error Vulnerability

Oracle WebLogic Server is a product of Oracle Corporation. Oracle WebLogic Server is an application services middleware for cloud and traditional environments that provides a modern, lightweight development platform that supports the entire lifecycle management of applications from development to...

CVSS 6.5 · AI score 6.3 · EPSS 0.00729
Exploits 0 · References 1

OSV
added 2022/07/19 10:15 p.m. · 3 views

CVE-2022-21560

Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware component: Core. Supported versions that are affected are 12.2.1.3.0, 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via T3, IIOP to compromise Oracle...

CVSS 5.3 · AI score 6.3 · EPSS 0.0088
Exploits 0 · References 1

CNVD
added 2022/04/21 12:00 a.m. · 14 views

Oracle WebLogic Server Input Validation Error Vulnerability (CNVD-2022-36951)

Oracle WebLogic Server is an application services middleware from Oracle for cloud and traditional environments that provides a modern, lightweight development platform that supports full lifecycle management of applications from development to production and simplifies application deployment and...

CVSS 7.5 · AI score 1.7 · EPSS 0.01265
Exploits 0 · References 1

CVE
added 2022/04/19 8:37 p.m. · 125 views

CVE-2022-21441

CVE-2022-21441 pertains to Oracle WebLogic Server (Fusion Middleware, Core). Affected are WebLogic Server versions 12.2.1.3.0, 12.2.1.4.0 and 14.1.1.0.0. The flaw allows an unauthenticated, network-accessible attacker via T3/IIOP to cause the server to hang or crash (DoS). Root cause is described...

CVSS 7.5 · AI score 7.7 · EPSS 0.01265
Exploits 0 · References 1 · Affected Software 1